Dakshina's Blog

My views..
Thursday Nov 30, 2006

Configuring Apache + SSL service for S10

Just another blog post on setting up the Apache shipped with S10 ...

Note: For creating server-side certificates, very detailed help can be found at http://meljr.com/~meljr/ssl_cert_Sol10.html, so I am not rewriting those steps here.

cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf


Set the properties in /etc/apache2/httpd.conf:

ServerName
Listen (port number)
DocumentRoot


export JAVA_HOME=< >
/usr/apache2/bin/apachectl start 
OR

# svcadm disable apache2 ; svcadm enable apache2

===============================================================

Enabling SSL service on Apache2


# svccfg

svc:> select apache2

svc:/network/http:apache2> listprop httpd/ssl

httpd/ssl  boolean  false

svc:/network/http:apache2> setprop httpd/ssl=true

svc:/network/http:apache2> exit

# svcadm disable apache2

# svcadm enable apache2

# svcprop -p httpd/ssl svc:/network/http:apache2

false

# svcadm refresh apache2

# svcprop -p httpd/ssl svc:/network/http:apache2

true


Comments:

Two remarks:
1. The path to the example file should be /etc/apache2/httpd.conf-example, not /etc/apache2/http-conf-example.
2. Your guide is not working. After applying all the commands, svcs -x reports the following:

  svc:/network/http:apache2 (Apache 2 HTTP server)
   State: maintenance since Thu Nov 30 03:11:24 2006
  Reason: Start method exited with $SMF_EXIT_ERR_CONFIG.
     See: http://sun.com/msg/SMF-8000-KS
     See: httpd(8)
     See: /var/svc/log/network-http:apache2.log
  Impact: This service is not running.

Also, where is the certificate?

Posted by Vladimir Kotal on November 30, 2006 at 01:44 PM IST #

Here's setup that works:
  0. fix machine NSS config:
     cp -p /etc/nsswitch.conf /etc/nsswitch.conf.orig
     cat /etc/nsswitch.conf.orig \
        | sed 's/^hosts:.*/hosts: files dns nis \[NOTFOUND=return\]/' \
        > /etc/nsswitch.conf
  1. prepare certificate/private key
    mkdir -p /export/home/apache
    mkdir -p /export/home/apache/log
    mkdir -p /export/home/apache/doc
    cd /export/home/apache
    openssl genrsa -rand "/etc/passwd" -out server.key 1024
    openssl req -new -key server.key -out server.csr
    openssl x509 -req -days 60 -in server.csr \
        -signkey server.key -out server.crt
  2. modify config:
     cp /etc/apache2/httpd.conf-example /etc/apache2/httpd.conf
     cp -p /etc/apache2/ssl.conf /etc/apache2/ssl.conf.orig
     cat /etc/apache2/ssl.conf.orig \
        | sed 's/^SSLCertificateFile.*/SSLCertificateFile \/export\/home\/apache\/server.crt/' \
        | sed 's/^SSLCertificateKeyFile.*/SSLCertificateKeyFile \/export\/home\/apache\/server.key/' \
        > /etc/apache2/ssl.conf
  3. enable apache service
    svccfg -s http:apache2 setprop httpd/ssl=true
    svcadm refresh http:apache2
    svcprop -p httpd/ssl svc:/network/http:apache2
    svcadm enable apache2
  4. test it
    svcs -x
    # following command should report '/usr/apache2/bin/httpd -k start -DSSL'
    ps axwww|grep http
    for i in ssl2 ssl3 tls1; do \
        openssl s_client -connect localhost:443 -$i; done
    openssl s_client -connect localhost:443 -ssl3

Posted by Vladimir Kotal on November 30, 2006 at 01:46 PM IST #
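
Apache will not start with SSL if the files named by SSLCertificateFile and SSLCertificateKeyFile in ssl.conf are missing, so it is worth checking them before `svcadm enable apache2`. The following pre-flight check is an added example, not part of the original post or its comments; the function names are hypothetical, and it assumes a POSIX shell (on Solaris 10, ksh or /usr/xpg4/bin/sh rather than the legacy /bin/sh).

```shell
#!/bin/sh
# Added example (not from the post or its comments): pre-flight check of the
# certificate and key paths in an Apache ssl.conf before enabling the service.
# Assumes a POSIX shell and paths without embedded spaces.

# Print the argument of the first uncommented DIRECTIVE line in FILE.
directive_value() {
    awk '$1 == d { print $2; exit }' d="$1" "$2" | tr -d '"'
}

# Succeed only if FILE grants no permission bits to group or other.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Print one line per problem found in ssl.conf; return 0 only if there are none.
check_ssl_conf() {
    conf=$1
    rc=0
    if [ ! -r "$conf" ]; then
        echo "cannot read $conf"
        return 1
    fi
    for d in SSLCertificateFile SSLCertificateKeyFile; do
        path=$(directive_value "$d" "$conf")
        if [ -z "$path" ]; then
            echo "$d: directive not set"
            rc=1
        elif [ ! -s "$path" ]; then
            echo "$d: $path is missing or empty"
            rc=1
        elif [ "$d" = SSLCertificateKeyFile ] && ! key_is_private "$path"; then
            echo "$d: $path is accessible by group or other"
            rc=1
        fi
    done
    return $rc
}

# When run with an argument, check that file (e.g. /etc/apache2/ssl.conf).
if [ $# -gt 0 ]; then
    check_ssl_conf "$1"
fi
```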
