Apache and SSL

[c00kie]

Hi

I'm interested in tweaking Apache, especially with SSL and am looking for some advice really. My certificate provider or CA has a wiki with instructions on configuring Apache with SSL, however it's based on Linux or Ubuntu, whereas I'm working with FreeBSD.

One of the early steps from the wiki says:

Next, make sure that Apache listens on the HTTPS port. In the file /etc/apache2/ports.conf, add:

<IfModule mod_ssl.c>
    Listen 443
    NameVirtualHost YOUR_IP_ADDRESS:443
</IfModule>

…if it is not already present.

Like I said, I'm using FreeBSD so I'm editing /usr/local/etc/apache22/httpd.conf

Question, in httpd.conf

is

<IfModule mod_ssl.c>
    Listen 443
    NameVirtualHost YOUR_IP_ADDRESS:443
</IfModule>

the same as:

Listen xxx.xxx.xx.xx:443

NB. I'm of the understanding that

mod_ssl

is installed by default on FreeBSD.

 

[ShelLuser]

My advice would be simply checking Apache's configuration to make sure you have everything set up. For example you could use:

root@smtp2:/etc # make -C /usr/ports/www/apache22 showconfig | grep ssl
     SSL=on: mod_ssl

Which will clearly indicate if SSL support was enabled or not.

A "FreeBSD way" of doing all this is to check up with /usr/local/etc/apache22/extra. A lot of Apache "add ons" will put a default configuration file in that directory, so that all you need to do to add support for a particular module is to include the appropriate configuration file.

In this case we're talking about /usr/local/etc/apache22/extra/httpd-ssl.conf. If you check httpd.conf you might find a commented line in there which can include this file.

Obviously you would need to change the file to match your own setup.

Even so, in the end you're pretty much free to set things up you like. Those howto's which you found might be perfectly usable too. It maybe Linux specific (so the paths might not match) but the different sections which you need to add to Apache's configuration files most likely will.