Configuring One-Way SSL Authentication

Procedure

  1. Ensure that the mod_ssl module is available in the Apache HTTP server installation.
  2. Enable the mod_ssl module as follows:
    1. Open the APACHE_HOME/conf/httpd.conf file for editing.
    2. Uncomment the following directive in the httpd.conf file, if commented. If this directive does not exist, add it in the file:

         LoadModule ssl_module APACHE_ROOT/modules/mod_ssl.so

      where APACHE_ROOT is the actual path of the Apache HTTP server installation which must be SSL enabled.

    3. Uncomment the following line in the file:

      #Include conf/extra/httpd-ssl.conf

    4. Save the changes in the file.
  3. Open the APACHE_HOME/conf/extra/httpd-ssl.conf file for editing.
    1. Set the values for the specified directives (if not already set), as follows:

      SSLEngine on

      SSLCertificateFile "Name_of_Server_public_certificate"

      SSLCertificateKeyFile "Name_of_Server_private_key"

      SSLCACertificateFile Name_of_CA_Certificate

      SSLVerifyClient none

    2. Set the Listen directive if you want to change the default port value for SSL requests:

         Listen listening_port_value

    3. Save the changes made to the APACHE_HOME/conf/extra/httpd-ssl.conf file.
  4. Import the CA certificate as specified in the SSLCACertificateFile directive of the Apache Server configuration.
  5. Verify that the SSL configuration is working.
    1. Open a web browser window.
    2. Enter the following URL to verify the connection to the Apache server.
      http://machine_name:listening_port_value

      For example,

      http://<machine-name>:8443

  6. Verify that the connection to the Apache server is successful.