External

• http://httpd.apache.org/docs/2.4/ssl/
• http://wiki.centos.org/HowTos/Https
• http://www.thegeekstuff.com/2012/05/install-apache-2-on-centos-6/

Internal

• httpd Configuration#Subjects
• SSL

Overview

In order to protect a web site with SSL, you will need to make sure mod_ssl is available and functional, then create a virtual host that listens on port different from the non-SSL protected sites (usually 443), turn the SSLEngine on for that virtual host, and specify the paths to the certificate and the private key.

Procedure

Install mod_ssl and openssl

yum install mod_ssl
yum install openssl

By default, this ends up installing mod_ssl.so in /etc/httpd/modules. It also creates the default SSL configuration file ssl.conf in /etc/httpd/conf.d.

ssl.conf

ssl.conf must be included. Usually the main httpd.conf configuration file contains an "include all conf.d" line:

IncludeOptional conf.d/*.conf

which should take care of ssl.conf inclusion. More about IncludeOptional.

If not present, explicitly add the following Include directive above the virtual host area:

Include conf.d/ssl.conf

ssl.conf and Secure Virtual Hosts

ssl.conf contains the configuration of a default secure virtual host, and the custom secure virtual hosts should be added under it.

Listen

Restrict the secure server to listen to a specific, dedicated interface by specifying it in ssl.conf Listen:

Listen 1.2.3.4:443 https

More details about Listen are available here Listen.

Log Location

By default, the SSL logs level and location is different:

ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn