How To Setup SSL on Apache (SLES version)

  • 7020434
  • 11-Jul-2011
  • 07-Aug-2017

Environment


Retain 1.x+
SLES 10, 11
Apache 2.x

Situation

What is the proper procedure for setting up mod_ssl on Apache for SLES 10.x and 11.x?

Resolution



1. Create SSL key and signed certificate and place into a directory with root only permissions.  Here is a good reference for creating an SSL key/certificate: http://onlamp.com/pub/a/onlamp/2008/03/04/step-by-step-configuring-ssl-under-apache.html

2.  In /etc/apache2/vhosts.d, create a copy of vhost-ssl.template and name it as something with a .conf extension (eg. retain-ssl.conf).

3. Open the vhost file you just created and set "SSLCertificateFile" and  "SSLCertificateKeyFile" to the path(s) of your key and signed certificate.

Also change the following tag:



to:



4. Open /etc/sysconfig/apache2.   In the "APACHE_MODULES" option, make sure ssl is in the list of modules which Apache needs to load.



Also add -DSSL to "APACHE_SERVER_FLAGS":



5. Restart Apache2.  To verify it is working, open a browser and go to https://your_server_hostname/RetainServer.       

Note:
If case you are using the Retain Plugin for the GroupWise Client, you might see the following error when you hit the Retain button:

Error connecting with SSL

After you click on the "OK" button, the Retain Web UI will be opened in a browser, but will show a login error.

In that case, please open the the vhost file, that you created during step 3, again and scroll down to the
Virtual Host section.
Within the line "SSL Protocol" please remove the "-SSLv3" part.

Change SSL protocol for Apache

After a restart Apache will support all available options, but not -SSLv2.


Additional Information

This article was originally published in the GWAVA knowledgebase as article ID 1993.