Configuring SSL for Apache on Linux OS |
|
Before you begin this task:
- Apache 2.2.X version must be installed on the computer.
- Copy and extract files needed for Process Platform installation on linux machine.
- Install Process Platform and give path of the Apache installation directory.
- Copy openssl.cnf from the default Apache installation directory to a temporary location.
- Create a Server certificate. Certificates generated usually contain the machine name, it is recommended to use IP Address in the Subject Alternate Name attribute for working with Event Handling. For more information on creating a sample certificate in Apache, refer to Creating a Certificate in Apache.
Secured Socket Layer (SSL) is a protocol that enables secure communication in a network. It prevents eavesdropping on a network and ensures that sensitive information is not tapped.
- Navigate to the <Apache installation directory>/conf/httpd.conf file.
- Add the following code in the file:
LoadModule ssl_module modules/mod_ssl.so
- Add the following code in the file:
Include conf/extra/httpd-ssl.conf
- Check the server name and the port number of the virtual host in the <Apache installation directory>/conf/etc/httdp-ssl.conf file.
- Add the following lines of code in the <Apache installation directory>/conf/httpd.conffile:
# General setup for the virtual host DocumentRoot "<Apache installation directory>/htdocs" ServerName <computer name> ErrorLog "<Apache installation directory>/logs/error.log" TransferLog "<Apache installation directory>/logs/access.log"
- Set the path of the server certificate and the server certificate key file in the <Apache installation directory>/conf/etc/httdp-ssl.conffile. For example:
SSLCertificateFile conf/ssl/serverCert.cer SSLCertificateKeyFile conf/ssl/serverCertKey.key
- Navigate to the <Process_Platform_Installation_Directory>\<instance name>\components\webgateway\Apache\Cordys_apache.conffile, replace the following lines of code:
Alias /cordys "<Process_Platform_Installation_Directory>\<instance name>\Web" <Directory "<Process_Platform_Installation_Directory>\defaultinst\Web"> AllowOverride All AuthName "Cordys" AuthType SSPI SSPIAuth On SSPIAuthoritative On Allow from all Require valid-user </Directory>
with the following lines of code:
Alias /cordys "<Process_Platform_Installation_Directory>\<instance name>\Web" <Directory "<Process_Platform_Installation_Directory>\<instance name>\Web"> Anonymous_NoUserID on Anonymous_VerifyEmail off Anonymous_MustGiveEmail off Anonymous_LogEmail off Anonymous anonymous #Satisfy any Allow from all </Directory>
- Client Authentication:
- Add the following lines of code in the <Process_Platform_Installation_Directory>/components/webgateway/Apache/cordys_apache.conffile:
<Directory <Process_Platform_Installation_Directory>\Web> SSLVerifyClient require SSLVerifyDepth 2 SSLRequireSSL SSLCACertificatePath conf/ssl/ AllowOverride All Allow from all </Directory>
- Restart the Apache server.
Process Platform is now configured using SSL in Apache.
After you complete this task:
- To suppress HTTP support for the Web site, add the following code in the <Process_Platform_Installation_Directory>/components/webgateway/Apache/cordys_apache.conf file for each Web site name.
<IfDefine SSL> RewriteEngine On RewriteBase / RewriteCond %{HTTPS} off RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI} </IfDefine> - Follow the instructions to set the node url to the HTTPS protocol.
- Add the following lines of code in the <Process_Platform_Installation_Directory>/components/webgateway/Apache/cordys_apache.conffile: