My /etc/apache2/conf/httpd.conf contains this line:
SSLProtocol TLSv1.2
Nonetheless, I was told that I needed to identify what is defined for SSLProtocol in ssl.conf. Where can I find this file? I have a CentOS server.
UPDATE 1: Nevermind, I do not require an answer anymore, it was all a confusion with the scan report referring to a wrong IP address, not the one that I needed to evaluate.
ssl.conf on CentOS is usually located /etc/httpd/conf.d/ssl.conf
If this file is not present, then you probably did not install Apache mod_ssl.
To install mod_ssl:
sudo yum install mod_ssl
Related
I have been asked to disable TLS1.0(on SSLV3) from apache running on Solaris. I am new to infrastructure stuff. I did some googling and most of them talk about something like this
SSLProtocol all -TLSv1 in the ssl.conf file
But, when i go to /etc/apache2/ssl.conf file there is no setting defined for SSLProtocol.
Is it that since there is no settings defined for SSLProtocol that all tls versions are being allowed?
Also , where should i add the SSLProtocl settings in the ssl.conf files?
Many thanks for all replies
Go to the apache's folder, and just run:
grep -iRl "SSLProtocol" ./
And then, if you found a file containing it, change it to the following, or if you didn't find anything, open the ssl.conf, and add this line after the lines starting with SSL:
SSLProtocol -all +TLSv1.2
If your openssl version is above version 1.1.1 (use openssl version to check), and if your apache version is above 2.4.36 (use httpd -v to check), then you can also use TLSv1.3. If you will use it without the above mentioned requirements of the versions, then you will get an error saying Illegal Protocol. So, if you have the above requirements you can use:
SSLProtocol -all +TLSv1.2 +TLSv1.3
Also, I am confused about the SSLv3 you mentioned. You must not use SSLv3 even if you want to. Check https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/.
My hosting (instance) is on EC2 and domain is on Nominalia. I am using ubuntu16.0.4 and Laravel 5.4, I have generated CSR, key file, certificate file and kept on root of server that is /var/www/html
Now I have to place
<VirtualHost *:443>
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /var/www/html/sitename.com.crt
SSLCertificateKeyFile /var/www/html/sitename.com.key
SSLCertificateChainFile /var/www/html/intermediate-ca.crt
</VirtualHost>
I am not getting where I shall keep it. I tried to keep in /etc/apache2/sites-enabled/000-default.conf or /etc/apache2/sites-enabled/default-ssl.conf or /etc/apache2/sites-available/default-ssl.conf but it did not work and I am getting errors
In chrome
This site can’t be reached
and in Mozilla
Secure Connection Failed
Site is working without https
I also tried to keep both "VirtualHost *:443" and "VirtualHost *:80" in /etc/apache2/sites-enabled/000-default.conf but it also did not work. In this case, I am getting "This site can’t be reached"
There are lot of articles that I am reading from few days but not getting how to do final setting so that my site start working after I successfully placed all certificate files.
Recently Chrome stoped accepting self-signed Certificates. You can save a lot of effort using Let's Encrypt SSL Certificates. They are free, but valid for 90 days only. But you can configure auto renewal process, so you don't need to worry, because all things happens behind scenes.
Installation on Ubuntu it's simple:
1. Add repository to apt
sudo add-apt-repository ppa:certbot/certbot
After complete, update apt-get:
sudo apt-get update
2. Install Certbot
Certbot is a client tool for managing certificates from Let's Encrypt.
Run:
sudo apt-get install python-certbot-apache
3. Set up SSL Certificate
sudo certbot --apache -d sitename.com
If your domain could be accessed with www prefix run this command instead:
sudo certbot --apache -d sitename.com -d www.sitename.com
From now Certbot will run automatically via /etc/cron.d to check for expiring certificates.
You can validate process by running:
sudo certbot renew --dry-run.
It's done.
Full documentation for Certbot is here: https://certbot.eff.org/docs/
I'm wondering whether it's possible to install apache2 from scratch, I tried to install it and many times I was informed that a configuration file was removed, and everytime I chose to install the package responsible version. When starting apache service I have this apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName and the localhost url shows Page Web inaccessible.
How can I fix this?
Thanks in advance.
Just add to apache2.conf
Servername localhost
into last line.
(PATH)
sudo nano /etc/apache2/apache2.conf
I have downloaded xampp for mac, installed it and bought ssl certificat, but i'm having hard
times to install the ssl...
Can someone computer wise explain to me step by step, easy how to set it up? please i have
searched google, but could not understand the way they did, please take your time to
explain...
The file you need to edit to enable SSL is httpd-ssl.conf found in the conf/extra directory.
Change the following directives:
SSLCertificateFile to domain_com.crt
SSLCACertificateFile to PositiveSSLCA2.crt
SSLCertificateKeyFile to the private key file you received when you created the CSR
Open " Terminal " and type: sudo nano /private/etc/hosts then add 127.0.0.1 your_domain.com and 127.0.0.1 www.your_domain.com, when done editing the hosts file, press control-o to save the file.
Then call sudo /Applications/XAMPP/xamppfiles/xampp enablessl to enable SSL in httpd.conf and restart Apache. Now try accessing https://localhost
Ok
So I installed Apache httpd a while ago and have recently come back to it to try setup SSL and get it serving several different tomcat servers.
At the moment I have two completely separate Tomcat instances serving up to slightly different versions (one for dev and one for demo say) my web app to two different ports:
example.com:8081
example.com:8082
I've successfully (back in Jan) used mod_jk to get httpd to serve those same Tomcat instances to http://www.example.com:8090/dev and http://www.example.com:8090/demo (8090 cos I've got another app running on 8080 via Jetty at this stage) using the following code in httpd.conf:
LoadModule jk_module modules/mod_jk.so
JkWorkersFile conf/workers.properties
JkLogFile logs/mod_jk.log
JkLogLevel debug
<VirtualHost *:8090>
JkMount /devd* tomcatDev
JkMount /demo* tomcatDemo
</VirtualHost>
What I'm not trying to do is enable SSL.
I've added the following to httpd.conf:
Listen 443
<VirtualHost _default_:443>
JkMount /dev* tomcatDev
JkMount /demo* tomcatDemo
SSLEngine on
SSLCertificateFile "/opt/httpd/conf/localhost.crt"
SSLCertificateKeyFile "/opt/httpd/conf/keystore.key"
</VirtualHost>
But when I try to restart Apache with apachectl restart (yes after shutting down that other app I mentioned so it doesn't toy with https connections) I continuously get the error:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration. httpd not running, trying to start
I've looked in the httpd/modules dir and indeed there is no mod_ssl, only mod_jk.so and httpd.exp.
I've tried using yum to install mod_ssl, it says its already installed. Indeed I can locate mod_ssl.so in /usr/lib/httpd/modules but this is NOT the path to where I've installed httpd which is /opt/httpd and in fact /usr/lib/httpd contains nothing but the modules dir.
Can anyone tell me how to install mod_ssl properly for my installed location of httpd so I can get past this error?
I found I needed to enable the SSL module in Apache (obviously prefix commands with sudo if you are not running as root):
a2enmod ssl
then restart Apache:
/etc/init.d/apache2 restart
More details of SSL in Apache for Ubuntu / Debian here.
Are any other LoadModule commands referencing modules in the /usr/lib/httpd/modules folder? If so, you should be fine just adding LoadModule ssl_module /usr/lib/httpd/modules/mod_ssl.so to your conf file.
Otherwise, you'll want to copy the mod_ssl.so file to whatever directory the other modules are being loaded from and reference it there.
Try installing mod_ssl using following command:
yum install mod_ssl
and then reload and restart your Apache server using following commands:
systemctl reload httpd.service
systemctl restart httpd.service
This should work for most of the cases.
I used:
sudo yum install mod24_ssl
and it worked in my Amazon Linux AMI.
I don't know if it is still of interest and if things have changed ever since the thread has been posted, but the /etc/apache2/apache2.conf on my system says:
Configuration files in the mods-enabled/, conf-enabled/ and sites-enabled/
directories contain particular configuration snippets which manage modules,
global configuration fragments, or virtual host configurations,
respectively.
They are activated by symlinking available configuration files from their
respective *-available/ counterparts. These should be managed by using our
helpers a2enmod/a2dismod, a2ensite/a2dissite and a2enconf/a2disconf. See
their respective man pages for detailed information.
And on my system the modules are installed in /usr/lib/apache2/modules.
I am running Ubuntu 20.04.2 LTS.