Configuration of Apache for use with SSL
Posted by Donna Magada on 21 September 2010 04:44 PM

This document describes how to set up Apache to use SSL with NotifyLink (NL).

 

 

 

 

 

1.      Install Apache

 

 

 

A 2.2.x version of Apache should be used with NotifyLink. Be sure to download and install the one labeled “Win32 Binary including OpenSSL”.

 

 

 

2.      Install NotifyLink

 

 

 

3.      Configure Apache to use SSL

 

 

 

a.       Open the Apache configuration file (default location C:\Program Files\Apache Software Foundation\Apache2.2\conf\httpd.conf).

b.      Search for “ssl_module”.

c.       Remove the ‘#’ from the beginning of the line.

d.      Search for “httpd-ssl.conf”.

e.       Remove the ‘#’ from the beginning of the line.

f.       Save the httpd.conf file.

 

 

4.      Copy the Server Certificate and Server Private Key

 

 

 

A certificate signed from a trusted CA can be used, or a self-signed certificate can be generated. This document assumes that the Server Certificate file is named server.crt and the Server Private Key file is named server.key.

 

 

 

To generate a self-signed certificate, follow these steps:

 

 

 

a.       From the command line, change to the Apache bin directory (default location C:\Program Files\Apache Software Foundation\Apache2.2\bin).

b.      Run the following command to generate the certificate signing request. Note that when prompted for the Common Name, the domain name for the web server should be used.

 

 

 

 

 

openssl req -config ..\conf\openssl.cnf -new -out server.csr

 

 

 

 

 

 

c.       Run the following command to remove the passphrase from the private key. This is done so the passphrase does not need to be entered any time Apache is started. Note that the server.key file that is generated should be secured properly.

 

 

 

 

 

openssl rsa -in privkey.pem -out server.key

 

 

 

 

 

 

d.      Run the following command to generate the self-signed certificate. The certificate will expire after one year. To change how long it is valid, adjust the number following –days appropriately.

 

 

 

 

 

openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 365

 

 

 

 

 

 

e.       The server.crt and server.key files generated will be in the Apache bin directory.

 

 

 

Whether a trusted cert or self-signed cert are used, the server.crt and server.key files should be copied to the Apache conf directory (default location C:\Program Files\Apache Software Foundation\Apache2.2\conf).

 

 

 

5.      Edit the NotifyLink nl.conf file

 

 

 

a.       Backup the existing NotifyLink nl.conf file (default location C:\Program Files\NotifyLink Enterprise Server\nl.conf).

b.      Open the NotifyLink nl.conf file in Notepad.

c.       Update the contents of the file to the following.

 

 

 

Note that this assumes NotifyLink was installed to C:\Program Files\NotifyLink Enterprise Server and Apache was installed to C:\Program Files\Apache Software Foundation\Apache2.2. The directories below will need updated if either was installed to another location, making sure to use / instead of \ in the path.

 

 

 

Also note that INTERNALADDRESS should be replaced with the internal server address, and EXTERNALADDRESS should be replaced with the external server address.

 

 

NameVirtualHost INTERNALADDRESS:80

 

NameVirtualHost INTERNALADDRESS:443

 

 

 

<VirtualHost INTERNALADDRESS:80>

 

  ServerName INTERNALADDRESS:80

 

  ServerAlias INTERNALADDRESS:80

 

  DocumentRoot "C:/Program Files/NotifyLink Enterprise Server/web/"

 

  ErrorLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.error\" 86400"

 

  CustomLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.access\" 86400" common

 

</VirtualHost>

 

 

 

#NameVirtualHost EXTERNALADDRESS

 

 

 

<VirtualHost EXTERNALADDRESS:80>

 

  ServerName EXTERNALADDRESS:80

 

  ServerAlias EXTERNALADDRESS:80

 

  DocumentRoot "C:/Program Files/NotifyLink Enterprise Server/web/"

 

  ErrorLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.error\" 86400"

 

  CustomLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.access\" 86400" common

 

</VirtualHost>

 

 

 

<IfModule ssl_module>

 

  <VirtualHost INTERNALADDRESS:443>

 

    ServerName INTERNALADDRESS:443

 

    ServerAlias INTERNALADDRESS:443

 

    DocumentRoot "C:/Program Files/NotifyLink Enterprise Server/web/"

 

    ErrorLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.error\" 86400"

 

    CustomLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.access\" 86400" common

 

    SSLEngine on

 

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

 

    SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"

 

    SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"

 

  </VirtualHost>

 

 

 

  <VirtualHost EXTERNALADDRESS:443>

 

    ServerName EXTERNALADDRESS:443

 

    ServerAlias EXTERNALADDRESS:443

 

    DocumentRoot "C:/Program Files/NotifyLink Enterprise Server/web/"

 

    ErrorLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.error\" 86400"

 

    CustomLog "|\"C:/Program Files/Apache Software Foundation/Apache2.2/bin/rotatelogs.exe\" \"C:/Program Files/NotifyLink Enterprise Server/logs/apache.%Y-%m-%d.access\" 86400" common

 

    SSLEngine on

 

    SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL

 

    SSLCertificateFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.crt"

 

    SSLCertificateKeyFile "C:/Program Files/Apache Software Foundation/Apache2.2/conf/server.key"

 

  </VirtualHost>

 

</IfModule>

 

 

 

<Directory "C:/Program Files/NotifyLink Enterprise Server/web/">

 

  Options FollowSymLinks MultiViews

 

  AllowOverride AuthConfig

 

  Order allow,deny

 

  Allow from all

 

 

 

  DirectoryIndex index.html index.php

 

</Directory>

 

 

6.      Restart Apache

 

 

 

 


ERROR: This domain name (support.globoplc.com), does not match the domain name in the license key file support.notifycorp.com.

For assistance with your license, please contact the Kayako support team: https://support.kayako.com