-
Create the key and signed certificate.
% cd /usr/local/apache_1.3.19/src % make certificate
-
The make certificate script asks for several fields including country, state, organization name, and the machine hostname encoded into the certificate. The script produces a file that contains both the private key and the signed certificate:
/usr/local/apache_1.3.19/SSLconf/conf/httpsd.pem
-
After logging in as the
root
user, copy the key and certificate file into the Apache installation:% cd /usr/local/apache_1.3.19/SSLconf/conf % cp httpsd.pem /usr/local/apache/conf/default.pem
-
Modify the httpsd.conf file with a text editor so that PHP files are processed by the PHP scripting engine. The configuration file is found in the directory /usr/local/apache/conf/. Remove the initial
#
character from the following line:AddType application/x-httpd-php .php
-
Modify the httpsd.conf file by changing the
Port
from80
to the secure web server port443
:Port 443
-
Add the following lines to the end of the httpsd.conf file:
# # SSL Parameters # SSLCACertificateFile /usr/local/apache/conf/default.pem SSLCertificateFile /usr/local/apache/conf/default.pem SSLCacheServerPath /usr/local/apache/bin/gcache SSLCacheServerPort 18698 SSLSessionCacheTimeout 3600
-
Start Apache. Unlike a normal Apache installation, ApacheSSL creates an httpsdctl script:
% /usr/local/apache/bin/httpsdctl start
In some cases, this doesn't correctly start Apache. If this happens, use the following alternative commands to explicitly specify the configuration file to use with the secure Apache:
% cd /usr/local/apache/ % bin/httpsd -f conf/httpsd.conf
-
A secure Apache is now running and serving requests on port 443-the default HTTPS port-with SSL. This can be tested by requesting the resource https://localhost/ with a web browser. The installation process is now complete.
When a resource such as https://localhost/ is requested with a browser, the browser alerts the user to an unknown certificate. To obtain a certificate that will be trusted by users, the openssl utility needs to be run to create a private key and a certificate request. The certificate request is then sent to a Certification Authority to be signed using their authoritative certificates. There is a fee for this service. While the Apache configuration allows both the key and the certificate to be placed in the one file, the private key should not be sent to anyone, not even the Certification Authority.
If a trusted certificate is required, consult the OpenSSL documentation that describes how to create keys and Certificate Signing Requests. This documentation can be found at http://www.openssl.org/docs/apps/openssl.html
.
Installation Resources
For more information on installing and configuring, there are several resources:
-
For Microsoft Windows installation, we recommend the PHP Triad for Windows installation package available from
http://sourceforge.net/projects/phptriad/
. The package contains MySQL, PHP, Apache, and PHPMyAdmin for MySQL maintenance through a web browser interface. -
NuSphere sells integrated Apache, PHP, and MySQL bundles with simple installation procedures and software support. A free download of the installation package without support is also available for Linux, Sun Solaris, and Microsoft Windows environments. Under the Linux environment, NuSphere is installed by following simple steps in a web browser.
-
The PHP online manual has instructions for installing PHP with most web servers and platforms, but these instructions are concise. They are located at
http://www.php.net/manual
. -
Many of the online resources accessible from
http://www.php.net/links.php
have installation tutorials or guides. -
The MySQL manual provides an excellent step-by-step guide to installing and configuring MySQL in many environments. The MySQL web site URL is:
http://www.mysql.com
.