Apache2 SSL on Debian

Thankfully I got considerable help on this subject. I followed some excellent instructions posted by Bill Lovett. These alone didn’t solve all my issues but fortunately the ever-knowing Weasel came to my rescue.

Starting at the beginning:
Get apache2 running! No point buggering around with ssl configuration if the webserver doesn’t work. Once that’s done, proceed.

There is the usual requirement to generate certificates, assuming a common certificate authority is desired across a number of services. Save the cert and the cacert into /etc/apache2/ssl (I copied the private key from the cert request into the certificate file, just for simplicity). This step can be bypassed by running ‘apache2-ssl-certificate’ which will generate a cert file. I just prefer to make my own.

Copy /usr/share/doc/apache2/examples/ssl.conf.gz to /etc/apache2/sites-available and unzip it.
Run ‘a2ensite ssl.conf’ to create a symlink in sites-enabled to the file in sites-available.
Run ‘a2enmod ssl’ to enable the module in the same manner as the site.
Edit /etc/apache2/sites-available/ssl.conf and configure it to point at the cert and cacert. Also make sure the DocumentRoot is set correctly to /var/www.

Now comes a nasty bit:
You cannot mix wildcard Virtual Hosts with non-wildcard ones. Some would say you shouldn’t have any wildcards at all. By this I mean that in each configuration file in /etc/apache2/sites-available, you don’t want anything like these:
<VirtualHost *>
<Virtualhost *:443>
NameVirtualHost *:80

The easiest way to find these is with the following commands:
grep -ri '<VirtualHost ' /etc/apache2
grep -ri 'NameVirtualHost' /etc/apache2

Tighten these down by changing them to:
<VirtualHost 1.2.3.4:80>
NameVirtualHost 1.2.3.4:80
Where 1.2.3.4 is the server’s IP address.
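The two greps above can be combined into one check that also reports whether wildcard and specific addresses are mixed. This is an added example, not part of the original post; the function names and the sample files are made up for illustration.

```shell
#!/bin/sh
# Print "kind address file:line" for every VirtualHost / NameVirtualHost
# address under directory $1. kind is "wildcard" (* or *:port) or "specific".
list_vhost_addrs() {
    find "$1" -type f -exec awk '
        {
            line = $0
            gsub(/[<>]/, " ", line)      # "<VirtualHost *:443>" -> " VirtualHost *:443 "
            n = split(line, w, " ")      # whitespace split, leading blanks ignored
            d = tolower(w[1])            # directive names are case-insensitive
            if (d != "virtualhost" && d != "namevirtualhost") next
            for (i = 2; i <= n; i++) {   # anything not starting with * counts as specific
                kind = (w[i] == "*" || w[i] ~ /^\*:/) ? "wildcard" : "specific"
                print kind, w[i], FILENAME ":" FNR
            }
        }' {} +
}

# Return 0 when the tree is consistent, 1 when wildcard and specific
# addresses are mixed. The findings are printed either way.
check_vhost_mixing() {
    report=$(list_vhost_addrs "$1")
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    printf '%s\n' "$report" | awk '
        $1 == "wildcard" { wild++ }
        $1 == "specific" { spec++ }
        END { if (wild && spec) exit 1 }'
}

# Constructed sample tree (not real server config): one wildcard site and
# one site pinned to 1.2.3.4. On the server, pass /etc/apache2 instead.
demo_dir=$(mktemp -d)
printf 'NameVirtualHost *:80\n<VirtualHost *>\n</VirtualHost>\n' > "$demo_dir/default"
printf '<VirtualHost 1.2.3.4:443>\n</VirtualHost>\n' > "$demo_dir/ssl.conf"
if check_vhost_mixing "$demo_dir"; then echo "consistent"; else echo "MIXED wildcard/specific"; fi
rm -rf "$demo_dir"
```

Commented-out directives and closing </VirtualHost> tags are skipped, so only live addresses are counted.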

Restart apache2 by running /etc/init.d/apache2 restart
Logs can be found in /var/log/apache2. Note that SSL logs have an underscore in the name, whilst non-SSL logs have a period, e.g. error.log (non-SSL) and error_log (SSL).

1 comment

  1. Coincidence is that after doing a search in Google, I followed the very same recommendations from the ilovett.com site.
    I like Apache2 very much! It’s quite easy to set up and it never stops on Debian.

    What I would like to read is how to fine-tune Apache depending on your needs (a file server, or a site with a lot of visits; requirements may vary).
