Installing SSL

Now that you've learned all about SSL, you need to install SLL support for Apache. SSL support is provided by mod_ssl, a module that is included with Apache, but is not enabled by default. mod_ssl, in turn, requires the OpenSSL library?an open-source implementation of the SSL/TLS protocols and a variety of other cryptographic algorithms. OpenSSL is based on the SSLeay library developed by Eric A. Young and Tim J. Hudson.


This section explains how to download and install the OpenSSL toolkit for both Windows and Unix variants.


The required OpenSSL libraries are included with the Windows installer of Apache 2.0 and no further installation or download is necessary. openssl.exe is included in the bin/ directory of the Apache distribution. It is a utility for generating certificates, keys, certificate signing requests, and so on.


If you are running a recent Linux or FreeBSD distribution, OpenSSL might already be installed in your system. Use the package management tools bundled with your distribution to determine whether that is the case or, otherwise, to install it.

If you need to install OpenSSL from source, you can download OpenSSL from After you have downloaded the software, you need to uncompress it and cd into the created directory:

#> gunzip < openssl*.tar.gz | tar xvf -
#> cd openssl*

OpenSSL contains a config script to help you build the software. You must provide the path to which the software will install. The path used in this hour is /usr/local/ssl/install, and you probably need to have root privileges to install the software there. You can install the software as a regular user, but to do so, you will need to change the path. Then, you must build and install the software:

#> ./config --prefix=/usr/local/ssl/install \
#> make
#> make install

If everything went well, you have now successfully installed the OpenSSL toolkit. The openssl command-line tool will be located in /usr/local/ssl/install/bin/.

This tool is used to create and manipulate certificates and keys, and its usage is described in a later section on certificates.


In the past, SSL extensions for Apache had to be distributed separately because of export restrictions. These restrictions no longer exist and mod_ssl is bundled and integrated with Apache 2.0. This section describes the steps necessary to build and install this module. mod_ssl depends on the OpenSSL library, so a valid OpenSSL installation is required.


You can download a binary distribution of Apache 2.0 for the Windows platform from; it includes mod_ssl. You might need to uncomment the following line in the configuration file:

LoadModule ssl_module modules/

If you are using the Apache 2.0 server that came installed with your operating system, chances are that it already includes mod_ssl. Use the package management tools bundled with your distribution to install mod_ssl if it is not present in your system.

When you build Apache 2.0 from source, you must pass the following options to enable and build mod_ssl at compile time. The options are in addition to the options used in Hour 2, "Installing and Configuring Apache," to ensure that PHP was successfully installed.

--enable-ssl --with-ssl=/usr/local/ssl/install/openssl

This assumes that you installed OpenSSL in the location described in previous sections.

If you compiled mod_ssl statically into Apache, you can check whether it is present by issuing the following command, which provides a list of compiled-in modules:

#> /usr/local/apache2/bin/httpd -l

The command assumes that you installed Apache in the /usr/local/apache2 directory.

If mod_ssl was compiled as a dynamic loadable module, the following line must be added or uncommented to the configuration file:

LoadModule ssl_module modules/

    Part III: Getting Involved with the Code