To generate SSL Certificates

1. Generate Private Key on the Server Running Apache + mod_ssl

 openssl genrsa -des3 -out server_domain.key 2048

2. Generate a Certificate Signing Request (CSR)

 openssl req -new -key server_domain.key -out server_domain.csr

To view the contents of CSR

 openssl req -text -noout -in server_domain.csr

3. Generate a Self-Signed SSL Certificate

 openssl x509 -req -days 365 -in server_domain.csr -signkey server_domain.key -out server_domain.crt

To remove the pass-phrase from your server key (only if you provided a pass-phrase)

 openssl rsa -in server_domain.key -out server_domain-new.key

Alternatively there is a wizard available: OpenSSL CSR Wizard - The fastest way to create your CSR for Apache (or any platform using OpenSSL)
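
The three generation steps above as a non-interactive script, with the checks worth running before the files are installed: key, CSR and certificate must share one public key, and the certificate must not be about to expire. This is an added example, not part of the original page; the function names and the CN value passed in are assumptions, and the key is written without a pass-phrase.

```shell
#!/bin/sh
# Added example, not from the original page. Function names and the CN
# passed in are assumptions; file names follow the steps above.

# Steps 1-3 without prompts. No pass-phrase is set, which is the state the
# key is in after the pass-phrase removal step.
make_cert() {  # $1 = output directory, $2 = common name (CN)
    ( umask 077   # key, CSR and certificate are created owner-only
      openssl genrsa -out "$1/server_domain.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/server_domain.key" -subj "/CN=$2" \
          -out "$1/server_domain.csr" &&
      openssl x509 -req -days 365 -in "$1/server_domain.csr" \
          -signkey "$1/server_domain.key" \
          -out "$1/server_domain.crt" 2>/dev/null )
}

# Print the RSA modulus of a key (rsa), CSR (req) or certificate (x509).
modulus_of() {  # $1 = rsa | req | x509, $2 = file
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

# Succeed only if key, CSR and certificate carry the same public key.
# Apache fails to start when the certificate and key files do not match,
# so check this before restarting.
files_match() {  # $1 = key, $2 = CSR, $3 = certificate
    k=$(modulus_of rsa "$1") && [ -n "$k" ] &&
    [ "$k" = "$(modulus_of req "$2")" ] &&
    [ "$k" = "$(modulus_of x509 "$3")" ]
}

# Succeed if the certificate is still valid $2 days from now.
valid_for_days() {  # $1 = certificate, $2 = days
    openssl x509 -checkend "$(( $2 * 86400 ))" -noout -in "$1" >/dev/null
}

# Usage (constructed values):
#   make_cert /tmp/certs www.yourdomain.com
#   files_match /tmp/certs/server_domain.key /tmp/certs/server_domain.csr \
#       /tmp/certs/server_domain.crt && echo "key, CSR and certificate match"
#   valid_for_days /tmp/certs/server_domain.crt 30 || echo "renew soon"
```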

To install Certificates on Server

1. Copy the Certificate files to a directory on your server.

2. Edit the Apache config file.

  DocumentRoot /var/www/html2
  ServerName www.yourdomain.com
  SSLEngine on
  SSLCertificateFile /path/to/server_domain.crt
  SSLCertificateKeyFile /path/to/server_domain.key
  SSLCertificateChainFile /path/to/AusCert.crt

3. Test your Apache config before restarting.

 apachectl configtest

4. Restart Apache

 apachectl stop
 apachectl start   # or: apachectl startssl

Note: If Apache does not start with SSL support, try using “apachectl startssl” instead of “apachectl start”. If SSL support only loads with “apachectl startssl”, we recommend you adjust the Apache startup configuration to include SSL support in the regular “apachectl start” command. Otherwise your server may require that you manually restart Apache using “apachectl startssl” in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.

A .htaccess (hypertext access) file is a directory-level configuration file, supported by several web servers, that allows for decentralized management of web server configuration.

.htaccess redirect generator

Here's a free .htaccess redirect generation tool.

Allow content-negotiation in Apache server

Options +MultiViews

If a named resource doesn't exist, Apache will glob for the file, then sort based on the media type and content encoding requirements sent by the browser.

If there's only one file (your PHP script), then that's what the URL resolves to.

Example: http://www.foo.com/hello would be the same as http://www.foo.com/hello.php if there is only one file named “hello”.

This method does not make use of “mod_rewrite” but instead content negotiation is provided by the “mod_negotiation” module, which is compiled in by default.

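Options +FollowSymlinks
RewriteEngine on
# Leave the maintenance page itself alone, otherwise the redirect loops
RewriteCond %{REQUEST_URI} !/maintenance\.html$
# Exempt exactly one client IP; the trailing $ stops 192.168.1.50-59 from matching too
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.5$
RewriteRule $ /maintenance.html [R=302,L]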

Change the given IP address to the IP of the machine that should be exempt from the maintenance redirect.

  • wiki/apache.txt
  • Last modified: 2016/05/02 16:17
  • by marlon