Environment
SUSE Linux Enterprise Server 11
Situation
Resolution
SLES11 SSL
1.
Create a self-signed cert using SLES11’s script
1.
cd /usr/share/doc/packages/apache2
2.
./mkcert.sh make --no-print-directory
/usr/bin/openssl /usr/sbin/custom
3.
Enter information when pertinent and use
defaults for settings
2.
The above script should place the
certs in the appropriate directories /etc/apache2/ssl.crt or ssl.key
3.
Enable SSL with following commands:
1.
a2enmod ssl
2.
a2enflag SSL (take note of
capitalization)
4.
Create a vhost-ssl.conf file from the
vhost-ssl.template file in /etc/apache2/vhosts.d/
1. cd /etc/apache2/vhosts.d
2. cp vhost-ssl.template vhost-ssl.conf
3. Edit the new vhost-ssl.conf file and change/verify the directory
paths for the crt and key files
5.
Check Firewall
1.
Make sure if the firewall is active that the
port 443 and 80 is open
SLES12 SSL
1.
Create a Self-Signed my cert using OpenSSL
1.
sudo openssl req -new > new.cert.csr
2.
follow prompts
3.
sudo openssl rsa -in privkey.pem -out
new.cert.key
4.
sudo openssl x509 -in new.cert.csr -out
new.cert.cert -req -signkey new.cert.key
-days 365
2.
Move the .crt and .key file to the appropriate locations
1.
sudo cp new.cert.cert
/etc/apache2/ssl.crt/server.crt
2.
sudo cp new.cert.key
/etc/apache2/ssl.key/server.key
3.
Enable SSL with following commands:
1.
a2enmod ssl
2.
a2enflag SSL (take note of
capitalization)
4. Create a vhost-ssl.conf file from the vhost-ssl.template file in /etc/apache2/vhosts.d/
1. cd /etc/apache2/vhosts.d
2. cp vhost-ssl.template vhost-ssl.conf
3. Edit the new vhost-ssl.conf file and change/verify the directory paths for the crt and key files.
Finally, make sure if the firewall is active that the port 443 and 80 is open
Helpful Links:
• https://www.suse.com/documentation/sles-12/book_sle_admin/data/sec_apache2_ssl.html#
• https://www.suse.com/documentation/sles11/book_sle_admin/data/sec_apache2_ssl.html#