Configuration
Edit httpd.conf
LoadModule ssl_module modules/mod_ssl.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_http_module modules/mod_proxy_http.so
Listen 443
NameVirtualHost *:443
<VirtualHost *:443>
ServerName localhost
# Serving https
SSLEngine on
SSLCertificateFile C:/certs/localhost.cer
SSLCertificateKeyFile C:/localhost.key
ProxyRequests Off
<Proxy *>
Order deny,allow
Allow from all
</Proxy>
SSLProxyEngine on
SSLProxyCACertificateFile "C:/certs/cacert.pem"
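# File must contain BOTH the certificate (public key) AND the unencrypted private key:
SSLProxyMachineCertificateFile "C:/certs/localhost_privatekey_publickey.txt"
SSLProxyVerifyDepth 10
# "none" means the backend certificate is NOT verified against cacert.pem above;
# set to "require" to enforce verification of the backend server.
SSLProxyVerify none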
# Proxy to app1.my.com:8080
ProxyPass /app1/ https://app1.my.com:8080/
ProxyPassReverse /app1/ https://app1.my.com:8080/
</VirtualHost>
Troubleshooting
incomplete client cert configured for SSL proxy (missing or encrypted private key?)
* The file needs BOTH the certificate (public key) AND the unencrypted private key, pasted together in one file
SSLProxyMachineCertificateFile "C:/certs/localhost_privatekey_publickey.txt"
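A pre-flight check for the file named in SSLProxyMachineCertificateFile, added here as an example (not part of the original notes): it reports whether the PEM file holds a certificate and an unencrypted private key. The function and sample names and the check_pem.py script name are assumptions, and the sample blocks are constructed, not real key material.

```python
import re
import sys

# A PEM block; the END label must match the BEGIN label.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\r?\n(.*?)-----END \1-----", re.DOTALL)

def check_proxy_machine_cert(pem_text):
    """Return a list of problems; empty means certificate and usable key are both present."""
    has_cert = False
    plain_keys = encrypted_keys = 0
    for label, body in PEM_BLOCK.findall(pem_text):
        if label == "CERTIFICATE":
            has_cert = True
        elif label == "ENCRYPTED PRIVATE KEY":
            encrypted_keys += 1          # PKCS#8, always passphrase-protected
        elif label.endswith("PRIVATE KEY"):
            # Traditional OpenSSL keys flag encryption in a header line.
            if "Proc-Type: 4,ENCRYPTED" in body:
                encrypted_keys += 1
            else:
                plain_keys += 1
    problems = []
    if not has_cert:
        problems.append("no CERTIFICATE block found")
    if encrypted_keys:
        problems.append("private key is passphrase-protected")
    if plain_keys == 0 and encrypted_keys == 0:
        problems.append("no private key block found")
    return problems

def pem_block(label, body="Q09OU1RSVUNURUQ="):
    """Build a constructed (non-functional) PEM block for the samples below."""
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed sample inputs, not real key material.
SAMPLE_GOOD = pem_block("CERTIFICATE") + pem_block("RSA PRIVATE KEY")
SAMPLE_ENCRYPTED = pem_block("CERTIFICATE") + pem_block(
    "RSA PRIVATE KEY",
    "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\nQ09OU1RSVUNURUQ=")
SAMPLE_KEY_ONLY = pem_block("RSA PRIVATE KEY")

if __name__ == "__main__":
    # Usage (hypothetical script name): python check_pem.py C:/certs/localhost_privatekey_publickey.txt
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_ENCRYPTED
    for line in check_proxy_machine_cert(text) or ["OK: certificate and unencrypted key present"]:
        print(line)
```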
Filed under: apache, ssl
Key Store
Generate private key and certificate signing request (CSR)
"%JAVA_HOME%\bin\keytool" -genkey -alias myhost -keyalg RSA -sigalg SHA1withRSA -keystore myhost.keystore -storepass secret -keypass secret -dname "CN=cName, OU=orgUnit, O=org, L=city, S=state, C=countryCode"
"%JAVA_HOME%\bin\keytool" -certreq -alias myhost -sigalg SHA1withRSA -file myhost.csr -keystore myhost.keystore
Inspect keys
"%JAVA_HOME%\bin\keytool" -list -v -alias myhost -keystore myhost.keystore
Import signed cert
Concatenate ca_root.cer to signed.cer
"%JAVA_HOME%\bin\keytool" -import -v -keystore myhost.keystore -alias myhost -storepass secret -file signed.cer
Delete a key
"%JAVA_HOME%\bin\keytool" -delete -alias myhost -keystore myhost.keystore -storepass secret
Filed under: java, ssl
Setup Apache 2 SSL
httpd.conf
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
#
# Note: The following must be present to support
# starting without SSL on platforms with no /dev/random equivalent
# but a statically compiled-in mod_ssl.
#
<IfModule ssl_module>
SSLRandomSeed startup builtin
SSLRandomSeed connect builtin
</IfModule>
Listen 443
<VirtualHost _default_:443>
ServerName localhost
SSLEngine on
SSLCertificateFile \
C:/OpenSSL/localhostca/certs/02.pem
SSLCertificateKeyFile \
C:/OpenSSL/localhostca/02/localhost.key
</VirtualHost>
[error] Init: SSLPassPhraseDialog builtin is not supported on Win32
Cause
* Server private key is protected by passphrase.
Resolution
* Remove passphrase from server private key.
openssl rsa -in server_key_with_passphrase.pem -out server_key_without_passphrase.pem
* Comment out the SSLPassPhraseDialog directive if it is found in httpd.conf.
Filed under: apache, ssl
https://knowledge.verisign.com/support/ssl-certificates-support/index?page=content&id=AR1130
Description
Once you have installed your VeriSign SSL Certificate, you can verify that the installation was successful by using the SSL Certificate Installation Checker on this page. Please follow these steps to test your installation:
1. Enter your Domain Name into the Fully Qualified Domain Name field (e.g. type secure.verisign.com).
2. Enter the SSL port number for your Web server. (The default SSL port number for most servers is 443.)
3. Click Test this Web Server.
The SSL certificate checker uses a Java Applet and you might be prompted to accept the certificate. If you receive an error try using a different browser or check your Java Settings.
Filed under: ssl