This document discusses how to configure Apache HTTP Server 2.2.14 to enable secure communication using HTTPS. It describes generating a private key and self-signed certificate for the server, configuring the Apache modules for SSL and rewrite, and testing that web pages under the /b directory are only accessible via HTTPS and redirect HTTP requests to HTTPS.

1. Making the secure communicationMaking the secure communication
between Server and Client withbetween Server and Client with
https protocolhttps protocol
Armenian e-Science Foundation (ArmeSFo) 49 Komitas Ave, 0051
Yerevan Armenia http://www.escience.am/
Armenuhi Abramyan, Hayk Haroyan
{armabram, hharoyan}@mail.yerphi.am

2. Content
1.1. Secure Socket Layer (SSL)Secure Socket Layer (SSL)
2.2. How SSL worksHow SSL works
3.3. Installing theInstalling the Apache 2.2.14Apache 2.2.14 server withserver with sslssl andand rewriterewrite modulesmodules
4. Configuring Apache for enabling module ssl
5.5. Creating the private key and self-signed certificate for serverCreating the private key and self-signed certificate for server
6.6. Starting the apache serverStarting the apache server
7. Testing the secure communication
8. Configuring Apache for enabling module rewrite and making some
(b) directory of web site under https protocol
9. Restarting the apache server, and trying to open any web page
under b directory with http protocol

3. SSL is the transaction security protocol used by websites to protect online
communications. The most common use of SSL is to provide protection for
confidential data, such as personal details or credit card information, entered into
a website.
Secure Socket Layer (SSL)Secure Socket Layer (SSL)

4. How SSL works

5. Installing the Apache 2.2.14 server with ssl and rewrite modulesInstalling the Apache 2.2.14 server with ssl and rewrite modules
$> tar -xvzf httpd-2.2.14.tar.gz
$> ./configure --prefix=/usr/local/httpd-2.2.14 --enable-modules='rewrite ssl‘
$> make
#> make install
1. Download the latest version of Apache server from www.apache.org
2. Install the Apache server by using the following commands:

6. #> vi /usr/local/httpd-2.2.14/conf/httpd.conf
Configuring Apache for enabling module ssl
1. Edit the apache config file (/usr/local/httpd-2.2.14/conf/httpd.conf)
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
2. Uncomment the line of including the ssl config file then save and Quit (ESC+:wq)
#> cd /usr/local/httpd-2.2.14/conf/
#> vi extra/httpd-ssl.conf
3. Edit the ssl config file (/usr/local/httpd-2.2.14/conf/extra/httpd-ssl.conf)
Listen 443
SSLCertificateFile "/usr/local/httpd-2.2.14/conf/server.crt"
SSLCertificateKeyFile "/usr/local/httpd-2.2.14/conf/server.key"

7. Step 1: Generate a Private Key
#> openssl genrsa -des3 -out server.key 1024
Enter PEM pass phrase: //Type your password
Verifying password - Enter PEM pass phrase: //Retype your password
Note: Use the following command to remove the pass-phrase from the key
#> cp server.key server.key.withpass
#> openssl rsa -in server.key.withpass -out server.key

8. Step 2: Generate a CSR (Certificate Signing Request)
#> openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: //Type your private key password
Country Name (2 letter code) [GB]:AM
State or Province Name (full name) [Berkshire]: .
Locality Name (eg, city) [Newbury]: .
Organization Name (eg, company) [My Company Ltd]: .
Organizational Unit Name (eg, section) []: .
Common Name (eg, your name or your server's hostname) []: na601.yerphi.am
Email Address []: //Press Enter
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: //Press Enter
An optional company name []: //Press Enter

9. Step 3: Generating a Self-Signed Certificate
#> openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
Signature ok
subject=/C=AM/CN=na601.yerphi.am

10. Starting the apache server
#> /usr/local/httpd-2.2.14/bin/apachectl start
Apache/2.2.14 mod_ssl/2.2.14 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.example.com:443 (RSA)
Enter pass phrase: //Type your private key password
OK: Pass Phrase Dialog successful.

11. Testing the Secure communication
Open the browser with following url: https://localhost

15. And we see that:
it works!

16. #> vi /usr/local/httpd-2.2.14/conf/httpd.conf
Configuring Apache for enabling module rewrite and making
some (b) directory of web site under https protocol
1. Edit the apache config file (/usr/local/httpd-2.2.14/conf/httpd.conf)
2. Add the following content, then save and Quit (ESC+:wq)
RewriteEngine On
#RewriteRule ^/a/(.*)$ /b/$1 [R]
RewriteCond %{SERVER_PORT} !^443$
RewriteRule ^/b/(.*)$ https://localhost/b/$1 [L,R]

17. Restarting the apache server, and trying to open any web page
under b directory with http protocol
#> /usr/local/httpd-2.2.14/bin/apachectl restart
Apache/2.2.14 mod_ssl/2.2.14 (Pass Phrase Dialog)
Some of your private key files are encrypted for security reasons.
In order to read them you have to provide the pass phrases.
Server www.example.com:443 (RSA)
Enter pass phrase: //Type your private key password
OK: Pass Phrase Dialog successful.
When we try to open any web page under b directory
with http protocol, it's rewrites into https protocol

18. Thank you