Chapter 10. Three virtual servers 131
You see a test page similar to Figure 10-1.
Figure 10-1 Apache2 test page
If you get an error in starting Apache, look in the log file /var/log/httpd/error_log for clues. If
Apache starts successfully, but you cannot reach the test page from a browser, try accessing
it using the IP address rather than the DNS name.
Now that you have Apache installed, you can begin to populate your site by putting your Web
pages in the directory /var/www/html/, which is the default Web root.
10.1.3 Configuring Secure Sockets Layer for Apache
Use the Secure Sockets Layer (SSL) to encrypt data between the client (browser) and the
server. In order for the client to know you are a legitimate Web server, you first need to
create an SSL server certificate. There are several options for doing so. You can either create
your own self-signed certificate or purchase a certificate signed by a trusted certificate
authority (CA). We recommend that you first use a self-signed certificate to test that your SSL
configuration is correct. Then, for production purposes, you can purchase a CA-signed
132 IBM z/VM and Linux on IBM System z: Virtualization Cookbook for Red Hat Enterprise Linux 4
Installing the SSL Apache module
The mod_ssl package provides SSL functionality for Apache. Red Hat Enterprise Linux 4
makes it very easy to install and enable SSL support in Apache:
# up2date mod_ssl
# rpm -q mod_ssl
The Red Hat mod_ssl RPM automatically creates a self-signed certificate for you, which is
suitable for testing purposes. It is important to note that the resulting certificate does not
contain any information about your organization. Therefore, it is not suitable for conducting
e-commerce transactions. If you choose to use a self-signed certificate in production instead
of purchasing a certificate signed by a CA, you may want to manually create the certificate.
Manually creating a server certificate
Red Hat Enterprise Linux 4 provides a tool that makes it very easy to create your own
self-signed server certificate. This process has two steps:
1. Create a public/private key pair as Example 10-2 shows.
Example 10-2 Generating a key pair
# cd /usr/share/ssl/certs
# make genkey
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > /etc/httpd/conf/ssl.key/server.key
Generating RSA private key, 1024 bit long modulus
e is 65537 (0x10001)
Enter pass phrase:<a3tfgm>
Verifying - Enter pass phrase:<a3tfgm>
2. Create a certificate request if you intend to purchase a certificate from a trusted CA as
Example 10-3 shows. During this step, a prompt opens for information about your
Example 10-3 Generating a certificate request
# make certreq
umask 77 ; \
/usr/bin/openssl req -new -key /etc/httpd/conf/ssl.key/server.key -out
Enter pass phrase for /etc/httpd/conf/ssl.key/server.key:<a3tfgm>
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [GB]:<US>
State or Province Name (full name) [Berkshire]:<New York>
Locality Name (eg, city) [Newbury]:<Poughkeepsie>
Organization Name (eg, company) [My Company Ltd]:<Example>
Organizational Unit Name (eg, section) []:<ZYX>
Common Name (eg, your name or your server's hostname) []:<Admin>
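Added example, not part of the original cookbook: a check to run on a certificate request before sending it to a CA. It confirms that the Common Name is the host name clients will use and that the key is large enough. The host name www.example.com, the 2048-bit minimum, and the function names check_csr and make_sample_csr are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example (not from the original page): sanity-check a certificate
# request before sending it to a CA.
# Assumptions: the server is reached as www.example.com, and 2048 bits is
# the minimum acceptable RSA key size.

# check_csr FILE HOSTNAME [MIN_BITS] -> returns 0 only if every check passes.
check_csr() {
    csr=$1 host=$2 min_bits=${3:-2048}

    # RFC2253 output is one comma-separated line, e.g. subject=CN=host,OU=...
    cn=$(openssl req -in "$csr" -noout -subject -nameopt RFC2253 |
         sed -n 's/.*CN=\([^,]*\).*/\1/p')
    bits=$(openssl req -in "$csr" -noout -text |
           sed -n 's/.*Public[- ]Key: (\([0-9]*\) bit).*/\1/p')

    rc=0
    if [ "$cn" != "$host" ]; then
        echo "FAIL: CN '$cn' is not the server name '$host'" >&2
        rc=1
    fi
    if [ -z "$bits" ] || [ "$bits" -lt "$min_bits" ]; then
        echo "FAIL: key is ${bits:-unknown} bits, need at least $min_bits" >&2
        rc=1
    fi
    return $rc
}

# make_sample_csr FILE CN -> constructed test data: throwaway unencrypted
# key (FILE.key) and a request using the DN fields from Example 10-3.
make_sample_csr() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1.key" -out "$1" \
        -subj "/C=US/ST=New York/L=Poughkeepsie/O=Example/OU=ZYX/CN=$2" \
        2>/dev/null
}

tmp=$(mktemp -d)
make_sample_csr "$tmp/host.csr" www.example.com
make_sample_csr "$tmp/admin.csr" Admin
check_csr "$tmp/host.csr" www.example.com && echo "host.csr: ok"
check_csr "$tmp/admin.csr" www.example.com || echo "admin.csr: rejected"
```

A request whose Common Name is Admin, as entered in Example 10-3, is rejected by this check when the server is reached under a different host name.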