Server Fault Stack Exchange
Server Fault Stack Exchange

Questions tagged [mod-ssl]

The Apache Httpd interface to OpenSSL

mod_ssl is a module for the Apache HTTPD webserver which allows it to perform SSL and TLS encryption on connections. Documentation is provided by Apache covering installation and setup for httpd 2.0 and 2.2

This tag should be used for questions around compiling, building, configuring, extending, provisioning, debugging and using mod_ssl.

For questions around building Apache modules on top of mod_ssl, or working on the code, the mod-ssl tag on StackOverflow is likely to be a better place to ask.

266 questions
56
votes
7 answers

Apache: SSLCertificateKeyFile: file does not exist or is empty

I am configuring SSL for Apache 2. My system is Ubuntu Server 10.04 LTS. I have the following settings related to SSL in my vhost configuration: SSLEngine On SSLCertificateKeyFile /etc/ssl/private/server.insecure.key SSLCertificateFile …
blueFast
  • 4,000
  • 13
  • 36
  • 51
45
votes
6 answers

Can an SSL certificate be on a single line in a file (no line breaks)?

SSL certificates by default have line breaks after 67 characters. I'm trying to create SSL certificate files using Chef. Essentially I want to create the entire certificate file from a string variable without any line breaks. I've tried this a few…
wrangler
  • 2,920
  • 5
  • 23
  • 20
36
votes
3 answers

Using Https between Apache Loadbalancer and backends

I am using an apache (2.4) server configured as loadbalancer in front of 2 apache servers. It works fine when I use http connections between loadbalancer and backends, however using https does not work. The configuration of the…
user3240383
  • 361
  • 1
  • 3
  • 5
36
votes
6 answers

How to enable TLS 1.1 and 1.2 with OpenSSL and Apache

In light of a growing number of security issues, such as the newly announced Browser Exploit Against SSL/TLS (BEAST), I was curious how we could go about enabling TLS 1.1 and 1.2 with OpenSSL and Apache to ensure that we will not be vulnerable to…
John
  • 2,266
  • 6
  • 44
  • 60
18
votes
3 answers

Apache2 with SSL do I have to copy VirtualHost blocks?

In Apache2 on ubuntu I have my site listening on 80, and now I want to add SSL. Is there a way to enable the SSLEngine for port 443 so I do not have to copy the entire VirtualHost block? When I do this: Listen 80 Listen 443 NameVirtualHost…
dar
  • 499
  • 1
  • 5
  • 11
17
votes
1 answer

Why is my SSL certificate untrusted on Android?

The SSL certificate is trusted on most Desktop computers, but only some Android devices. However, even on Android devices where the certificate is untrusted, the root certificate is installed. I must have tried a hundered ways of resolving this…
magnus
  • 291
  • 1
  • 2
  • 7
15
votes
3 answers

SSLCertificateChainFile Deprecation Warning on Apache 2.4.8+

We have an SSL Certificate for our website from Network Solutions. After upgrading Apache/OpenSSL to version 2.4.9, I now get the following warning when starting HTTPD: AH02559: The SSLCertificateChainFile directive (/etc/httpd/conf.d/ssl.conf:105)…
DOOManiac
  • 781
  • 6
  • 12
  • 25
15
votes
1 answer

Install & configure mod_ssl on Amazon EC2 instance

I am trying to support HTTPS traffic with the mod_ssl module on my website. I am running an Amazon EC2 instance for my server. I have installed and configured the basic LAMP packages. However, when I go to put in SSL-specific commands in my apache…
kaffolder
  • 285
  • 1
  • 2
  • 7
15
votes
7 answers

Session Cache is not configured... why?

I'm running (trying to run, actually) Apache 2.4.2 on Windows Server 2003 R2 32 bit (plus PHP 5.4.5 and OpenSSL 1.0.1c, but I don't think that matters), and I'm getting the following line in the error log: [Sun Aug 05 11:52:39.546875 2012]…
MaxArt
  • 515
  • 1
  • 7
  • 14
14
votes
1 answer

How to disable SSLCompression on Apache httpd 2.2.15? (Defense against CRIME/BEAST)

I read about the CRIME attack against TLS Compression (CVE-2012-4929, CRIME is a successor to the BEAST attack against ssl & tls), and I want to protect my webservers against this attack by disabling SSL Compression, which was added to Apache 2.2.22…
Stefan Lasiewski
  • 22,949
  • 38
  • 129
  • 184
13
votes
3 answers

How to disable TLS 1.1 & 1.2 in Apache?

I have an Ubuntu 12.04.2 LTS server running Apache 2.2.22 with mod_ssl and OpenSSL v1.0.1. In my vhosts config (everything else within which behaves as I would expect), I have the SSLProtocol line with -all +SSLv3. With that configuration, TLS 1.1 &…
Kyle Lowry
  • 279
  • 1
  • 2
  • 9
12
votes
2 answers

Why store Apache SSL certificate and private key in separate files?

The Apache mod_ssl documentation for the SSLCertificateFile and SSLCertificateKeyFile directives states that it is 'strongly discouraged' to store a private key and an SSL certificate in the same file. Now obviously the private key file should be…
Vortura
  • 360
  • 2
  • 9
10
votes
1 answer

Disable SSL / TLS compression in Apache 2.2.x

Is there a way to disable SSL/TLS Compression in Apache 2.2.x when using mod_ssl? If not, what are people doing to mitigate the effects of CRIME/BEAST in older browsers? Related Links:…
DevGav
  • 315
  • 2
  • 3
  • 8
9
votes
2 answers

mod_ssl SSLCACertificatePath Proper Usage or What is the Best way to Handle Multiple Acceptable Client Certificate CAs

I am attempting to use the mod_proxy SSLCACertificatePath directive, but I'm a tad bit confused on how to use it properly. Here are two links explaining the SSLCACertificatePath…
hooknc
  • 235
  • 2
  • 3
  • 7
8
votes
1 answer

How to tell if SSL session caching is in fact working correctly with Apache 2.2?

We have Apache 2.2.22 running on Ubuntu 12.04. SSL is configured and enabled, with these directives in /etc/apache2/mods-enabled/ssl.conf: SSLSessionCache shm:/var/www/apache-ssl-cache/ssl_scache(512000) SSLSessionCacheTimeout 300 SSLMutex…
Kal
  • 361
  • 1
  • 3
  • 7
1
2 3
17 18