SSL and https





Certification Authorities: VeriSign, Thawte




Does your system support SSL?

rpm -q openssl

rpm -q mod_ssl



Create a self-signed SSL Certificate.

Place it in the correct location.

Create a Key Pair.

Create a Certificate Signing Request (CSR).


Setting Up SSL to Create Certificates

Creating Your Own Certificates

Virtual Hosts

Name-Based vs. IP-Based Virtual Hosts

Virtual Host Examples:

Listen 80


# These are name-based virtual hosts
DocumentRoot /www/cars

DocumentRoot /www/trucks

DocumentRoot /www/motorcycles

# IP-based
DocumentRoot /www/planes

DocumentRoot /www/trains


Debugging: the httpd -S command

Assignment: Create a fake domain name and configure a virtual host container. Be sure to put a rudimentary index page in the configured location.

Test and correct as necessary until it works locally (from your own computer).

Now exchange domain names and map them in your Hosts configuration.

Test again. Can you find everyone’s web site?

Authentication and Access Control

Authentication, Authorization and Access Control

See the Authentication, Authorization and Access Control page (for the 2.0 version):

Creation and location of the password file: the htpasswd utility

Assignment: Use htpasswd to create a password file.

Select a secure location.

Create the first user.

Create a subsequent user.


Configuring the server to request a password and authenticate the user:
Note that you can do this in a .htaccess file OR in a Directory container!

AuthType Basic
AuthName "Restricted_Realm_Name"
AuthUserFile /usr/sbin/apache/passwd/passwords
Require user User_Name

Similarly, requiring group membership:

AuthType Basic
AuthName "Restricted_Realm_Name"
AuthUserFile /usr/sbin/apache/passwd/passwords
AuthGroupFile /usr/sbin/apache/passwd/groups
Require group Group_Name


Allowing Authentication in Directory Containers: Just use the Directives above!

Allowing Authentication in .htaccess files:

AllowOverride AuthConfig


About .htaccess Files

Allow and Deny

Detailed Examples




Limit and LimitExcept

Assignment: Set up a secure directory using an .htaccess file.

First, require a user name and password.

Next, modify the configuration to allow only one host access without a password. Other users must be required to supply a password.

For the next iteration, require both.

Next, allow GET but deny POST.

Finally, eliminate support for .htaccess files, but secure one directory in the web filesystem.
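
One way to work through the iterations above, in Apache 2.0/2.2 syntax. This is an added example, not part of the original course page; the directory path /var/www/html/secure and the host address 192.0.2.10 are assumed placeholders.

```apache
# Added example. Paths and the 192.0.2.10 address are constructed placeholders.
# Apache 2.0/2.2 syntax (Order/Allow/Deny/Satisfy).

# --- .htaccess in the protected directory (iterations 1-4) ---
# Needs "AllowOverride AuthConfig Limit" on the enclosing <Directory>.

# Iteration 1: these four lines alone require a user name and password.
AuthType Basic
AuthName "Restricted_Realm_Name"
AuthUserFile /usr/sbin/apache/passwd/passwords
Require valid-user

# Host rule used by iterations 2 and 3: only 192.0.2.10 passes.
Order deny,allow
Deny from all
Allow from 192.0.2.10

# Iteration 2: "Satisfy Any" lets that host in without a password;
#              every other client must authenticate.
# Iteration 3: "Satisfy All" requires that host AND a valid password.
Satisfy All

# Iteration 4: allow GET but deny POST.
# Keep "Satisfy All" here: under "Satisfy Any" a valid password
# would still let a POST through despite this Deny.
<Limit POST>
    Order allow,deny
    Deny from all
</Limit>

# --- httpd.conf (final iteration) ---
# .htaccess files are no longer read anywhere under the web root ...
<Directory /var/www/html>
    AllowOverride None
</Directory>

# ... so the protection moves into a Directory container.
<Directory /var/www/html/secure>
    AuthType Basic
    AuthName "Restricted_Realm_Name"
    AuthUserFile /usr/sbin/apache/passwd/passwords
    Require valid-user
</Directory>
```

Check the httpd.conf part with apachectl configtest before restarting; the .htaccess part is read on each request and needs no restart.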


More Resources

The .htaccess Tutorial

A good article from Using User Authentication

Apache Configuration

The supplied template file



Directives (p. 37) httpd -L


Sections (p. 38)

Directory and DirectoryMatch

Files and FilesMatch

Location and LocationMatch

Regular Expression Reference

Wildcards and Regular Expressions



Limit and LimitExcept



Options (p. 47 ff.)


Building and Testing New Configurations (p. 43)

The apachectl utility and httpd

man apachectl

man httpd


A Separate SSL Config File

Including Config Files and Including Directories

The apxs Utility:


Configuration Tools


The Red Hat/Fedora Apache Configuration Tool



NOTE that you must restart Apache if you make changes to its configuration file(s)!


Assignment: Download and install Webmin

See my “Packages and Signing” lecture for information on using keys and signatures when you download packages to install.


UNM Division of Continuing Education Course: Apache Web Server Management



NOTE: Assignments and Instructions are shown in this bold blue text. Follow these instructions.

Please mark this page as your home page. We will be returning here frequently.

After we cover each chapter, you are responsible for studying the chapter on your own.


What is Apache?

A file server that targets the browser

The Apache root

The web root

The Apache user

Content negotiation

Application server: C/C++, Java, VB, Perl, PHP, Python, Ruby, etc. …

The Apache philosophy

The Classic Version: 1.3



The Apache web site:

Their documentation:

Version 2.0:

Version 2.2:

Apache Administrator’s Handbook, supplied with this course
Page citations are indicated in blue italics: (p. 1)


The Role of the Registrar

What is DNS?

Apache will function with only an IP address

Resolution is needed for a true domain name

Logging: should you do reverse lookups? – DNS required



Installing on Windows

Assignment: Download and install Apache for Windows.

Installing via tarball

Assignment: Download and install the most current Apache tarball.

(See for the goriest possible scenario.)

Installing via RPM

Assignment: Download and install the most current Apache RPM for Fedora 4.