I order to activate the https support you have to check that in the /etc/httpd/conf/httpd.conf the support for VirtualHost is activated and that the NameVirtualHost is configured as this:
NameVirtualHost <ip of the web server>:80 NameVirtualHost <ip of the web server>:443
Avoid the format
NameVirtualHost *:80 NameVirtualHost *:443
as this doesn't permit the creation of multiple https instances on the server.
For a self-Signed certificate we must create the Certification Autority (ourself) certificate, and then create the couple certificate/key for the ssl support.
openssl req -new -days 3560 > <name of server>.csr
openssl rsa -in privkey.pem -out <name of server>.key
openssl x509 -in <name of server>.csr -out <name of web server>.cert -req -signkey <name of server>.key -days 3560
mv <name of server>.cert /etc/pki/tls/certs/
mv <name of server>.key /etc/pki/tls/private/
Create an istance for a VirtualHost using the same informations you have for a plain VirtualHost. if you have a istance like this:
<VirtualHost <ip>:80> ServerAdmin webmaster@<dmain> ServerName <name.domain> ServerAlias <name> DocumentRoot /var/www/html ErrorLog /var/log/httpd/<xxx>.error_log CustomLog /var/log/httpd/<xxx>.access_log combined ..... </VirtualHost>
copy it to a second istance with these modifications
<VirtualHost 128.178.70.2:443> ServerAdmin webmaster@<domain> ServerName <name.domain> ServerAlias <name> DocumentRoot /var/www/html SSLEngine on SSLCipherSuite ALL:!ADH:!EXPORT56:RC4+RSA:+HIGH:+MEDIUM:+LOW:+SSLv2:+EXP:+eNULL SSLCertificateFile /etc/pki/tls/certs/<name of web server>.cert SSLCertificateKeyFile /etc/pki/tls/private/<name of web server>.key SetEnvIf User-Agent ".*MSIE.*" \ nokeepalive ssl-unclean-shutdown \ downgrade-1.0 force-response-1.0 ErrorLog /var/log/httpd/<xxx>.error_log CustomLog /var/log/httpd/<xxx>.access_log combined ...... </VirtualHost>
As you can see the main differences are the change of the port (443 instead of 80) in the VirtualHost definition and the SSLxxx line added.
Pay particular attention to the SSLCertificateFile and SSLCertificateKeyFile lines. Here you have to indicate the correct path to the certificate and the key file you created above.
Restart the httpd server.
From now, if you connect to https:<name of server web> you are asked to accept the certificate (the Self-Signed certificate aren't automatically accepted by browsers. After the acceptance your web session is encrypted with the ssl protocol.
Below are the base instruction we used (found somewhere on the net):
Hi Guys, I got my latest SVN 1.3.2 working on FC5 with Apache 2.2.0 over SSL, so decided to just share the same with all. Here we go, 1) To install SVN do yum install subversion. 2) To create a SSL certificate for Apache do - Step one - create the key and request: openssl req -new > new.cert.csr Step two - remove the passphrase from the key (optional): openssl rsa -in privkey.pem -out new.cert.key Step three - convert request into signed cert: openssl x509 -in new.cert.csr -out new.cert.cert -req -signkey new.cert.key -days 1024 place the keys to following locations & edit the /etc/httpd/conf.d/ssl.conf as follows - SSLCertificateFile /etc/pki/tls/certs/new.cert.cert SSLCertificateKeyFile /etc/pki/tls/private/new.cert.key Test the certificate. 3) create /home/subversion/repository & /home/subversion/permissions chown -R apache:apache /home/subversion/repository svnadmin create /home/subversion/repository svn import /tmp/project1 file:///home/subversion/repository/project1 -m "initial import" svn checkout file:///home/subversion/repository/project1 project1 4) Edit httpd.conf as follows LoadModule dav_svn_module modules/mod_dav_svn.so LoadModule dav_module modules/mod_dav.so LoadModule authz_svn_module modules/mod_authz_svn.so <Location /svn> DAV svn SVNPath /home/subversion/repository/ # our access control policy AuthzSVNAccessFile /home/subversion/permissions/svnauthorz.conf #how to authenticate the users AuthType Basic AuthName "Subversion Repository" AuthUserFile /var/www/.htpasswd # only authenticated users access the SVN Require valid-user SSLRequireSSL </Location>