5

I'm trying to install an SSL certificate on a Linux Apache 2.2.3 server. I've been browsing on-line to see how to install the certificate and most say to edit the 'httpd.conf' file. However, there are two of these files and I'm not sure which to edit. Here are the file paths:

/etc/dirsrv/admin-serv/httpd.conf
/etc/httpd/conf/httpd.conf

I tried to edit them adding the extra information to the Virtual Host:
SSLCertificateFile mycert
SSLCertificateKeyFile mykey

When I tried to restart Apache however, it says that SSLCertificateFile is an invalid command.

Note: I also have an nss.conf file, which contains some information about Virtual Hosts.

Improve this question

2 Answers 2

Reset to default
10

If it's barking that 'SSLCertificateFile' is a invalid directive, then you don't have mod_ssl loaded. You need a line somewhere in your config that looks similar to this:

LoadModule ssl_module libexec/apache22/mod_ssl.so

(That particular line is from a FreeBSD box, so it's unlikely to work without minor modification)

You should usually put the SSL information in the vhost's directive; but a very simple site could go something like this:

ServerName example.com Listen 80 Listen 443 LoadModule ssl_module libexec/apache22/mod_ssl.so LoadModule the other modules go in here... User www Group www DocumentRoot /path/to/site SSLCertificateFile /path/to/cert SSLCertificateKeyFile /path/to/key SSLCertificateChainFile /path/to/chain <VirtualHost *:443> SSLEngine on </VirtualHost>

This is what the config for my person site looks like (plus some security, logging, and other junk like that).

Improve this answer
2
  • In general, should the directives SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile go within the Virtual Host tag? Commented Aug 26, 2010 at 17:17
  • @Sean, if you're running a server with just one domain, it really doesn't matter in the least; if your running a server with multiple domains, absolutely yes, it should be in the Virtual Host directive. Commented Aug 26, 2010 at 17:32
1

I think it's better for you to put the SSL information inside the vhost that will use it, just for organization's sake. Also remember that mod_ssl has to be enabled on apache for the SSLEngine, SSLCertificateFile and SSLCertificateKeyFile to work. 

# a2enmod ssl

Will normally enable the module automatically in debian based distributions.

Improve this answer

You must log in to answer this question.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.