{"id":2898,"date":"2019-05-11T18:48:31","date_gmt":"2019-05-11T15:48:31","guid":{"rendered":"https:\/\/kifarunix.com\/?p=2898"},"modified":"2019-05-11T18:48:33","modified_gmt":"2019-05-11T15:48:33","slug":"install-apache-with-self-signed-certificate-on-freebsd-12","status":"publish","type":"post","link":"https:\/\/kifarunix.com\/install-apache-with-self-signed-certificate-on-freebsd-12\/","title":{"rendered":"Install Apache with Self-signed Certificate on FreeBSD 12"},"content":{"rendered":"\n
Hello there. Today we are going to learn how to install Apache with Self-signed Certificate on FreeBSD 12. The use of TLS\/SSL certificates ensure a secured connection to and from the web server by encrypting traffic. The traffic is encrypted with public key that can only be decrypted with a private key that is stored in the web server.<\/p>\n\n\n\n
The use of Self-signed TLS\/SSL certificates is strictly not recommended for use in a public site where private information is involved. It can only be used locally for Apache testing purposes, on an intranet or on personal sites that doesn’t involve the transfer of critical data.<\/p>\n\n\n\n
Install Apache with Self-Signed Certificate on FreeBDS 12<\/h2>\n\n\n\n
Install Apache on FreeBSD 12<\/h3>\n\n\n\n
To begin with, update your system packages.<\/p>\n\n\n\n
pkg update pkg upgrade<\/code><\/pre>\n\n\n\n
Once the update is done, install Apache HTTP server.<\/p>\n\n\n\n
pkg install apache24<\/code><\/pre>\n\n\n\n
Updating FreeBSD repository catalogue...\nFreeBSD repository is up to date.\nAll repositories are up to date.\nThe following 12 package(s) will be affected (of 0 checked):\n\nNew packages to be INSTALLED:\n\tapache24: 2.4.39\n\tlibnghttp2: 1.37.0\n\tlibxml2: 2.9.8\n\texpat: 2.2.6_1\n\tperl5: 5.28.1_1\n\tpcre: 8.43\n\tapr: 1.6.5.1.6.1_1\n\tgdbm: 1.18.1\n\tindexinfo: 0.3.1\n\treadline: 7.0.5\n\tgettext-runtime: 0.19.8.1_2\n\tdb5: 5.3.28_7\n\nNumber of packages to be installed: 12\n\nThe process will require 153 MiB more space.\n34 MiB to be downloaded.\n\nProceed with this action? [y\/N]: y<\/code><\/pre>\n\n\n\n
Start and Enable Apache<\/h3>\n\n\n\n
Once the installation is done, you can enable and start Apache by running the commands below;<\/p>\n\n\n\n
sysrc apache24_enable=yes service apache24 start<\/code><\/pre>\n\n\n\n
Generate Apache Self Signed Certificate<\/h2>\n\n\n\n
Now that Apache is installed and running on FreeBSD 12, proceed to generate your self signed SSL\/TLS certificate. This can be done using the openssl<\/strong> command. Hence, fire up your terminal and execute the command below;<\/p>\n\n\n\n
When the command runs, you will be prompted to provide some information that will be incorporated into your certificate request. You can leave the defaults for most fields. The most important field however is the server hostname or IP address.<\/p>\n\n\n\n
-----\nCountry Name (2 letter code) [AU]:KE\nState or Province Name (full name) [Some-State]:Nairobi\nLocality Name (eg, city) []:Nairobi\nOrganization Name (eg, company) [Internet Widgits Pty Ltd]:Example Ltd\nOrganizational Unit Name (eg, section) []:ITSec \nCommon Name (e.g. server FQDN or YOUR name) []:freebsd12.example.com\nEmail Address []: ENTER<\/code><\/pre>\n\n\n\n
This generates a new self signed certificate with a private key stored under \/etc\/ssl\/certs\/selfsigned.crt<\/strong> and \/etc\/ssl\/private\/selfsigned.key<\/strong> respectively with a validity period of 365 days.<\/p>\n\n\n\n
Configure Apache to Use Self Signed Certificates<\/h3>\n\n\n\n
Next, you need to configure Apache to use the generated self signed certificate.<\/p>\n\n\n\n
Enable Apache SSL module<\/h4>\n\n\n\n
To configure Apache to load the SSL modules, edit the main configuration file and uncomment the line, LoadModule ssl_module libexec\/apache24\/mod_ssl.so<\/strong>.<\/p>\n\n\n\n
vim \/usr\/local\/etc\/apache24\/httpd.conf<\/code><\/pre>\n\n\n\n
Next, edit the default Apache SSL virtual host file configuration and set the proper values for the ServerAdmin<\/code>, SSLCertificateFile<\/code>, and SSLCertificateKeyFile<\/code> at the least. Before that, make a backup of the original configuration file.<\/p>\n\n\n\n
Once you are done with configuration, verify the Apache configuration file to ensure that there are no syntax errors.<\/p>\n\n\n\n
apachectl -t<\/code><\/pre>\n\n\n\n
If you get such an error;<\/p>\n\n\n\n
AH00526: Syntax error on line 92 of \/usr\/local\/etc\/apache24\/extra\/httpd-ssl.conf: SSLSessionCache: 'shmcb' session cache not supported (known names: ). Maybe you need to load the appropriate socache module (mod_socache_shmcb?).<\/code><\/pre>\n\n\n\n
Edit the main configuration file,\/usr\/local\/etc\/apache24\/httpd.conf<\/strong>, and enable the socache_shmcb_module<\/code> by uncommenting the line below;<\/p>\n\n\n\n
Restart Apache if there is no more errors.<\/p>\n\n\n\n
service apache24 restart\nPerforming sanity check on apache24 configuration:\nSyntax OK\nStopping apache24.\nWaiting for PIDS: 6873.\nPerforming sanity check on apache24 configuration:\nSyntax OK\nStarting apache24.<\/code><\/pre>\n\n\n\n
Test HTTPS connection<\/h3>\n\n\n\n
You can now test HTTPS connection to your Apache Web server using the address, https:\/\/<server-hostname><\/strong>. If all is well, you should see a “Your connection is not private<\/strong>” message since we are using a self-signed certificate.<\/p>\n\n\n\n<\/a><\/figure>\n\n\n\n
![\"install](\"https:\/\/kifarunix.com\/wp-content\/uploads\/2019\/05\/https-connection.png\" "\\"\\"")
<\/a><\/figure>\n\n\n\n