Table of Contents

Configuring SSL

...

1. Copy the certificate files to ${apache_home}/conf/CSR/

2. Open "${apache_home}/conf/httpd.conf" file 

3. a) Search for the "LoadModule ssl_module modules/mod_ssl.so" and remove

   1. Remove any pound sign(#) at the start of the line (i.e. uncomment it)

   b)

   1. If this line is not found in the file, then it means

   that the

   1. SSL module is not installed. Please install this depending on the OS of the server

   .
                  

   1. For CentOS - yum install mod_ssl

4. Skip this 5th step if you installed SSL module manually i.e (3.2b)

5. Add below section at the end of the file httpd.conf file after replacing the dummy values with the real one. 

   Code Block

   Listen 443 <VirtualHost *:443>   DocumentRoot "D:\OpenSpecimen\Apache2.2\htdocs" ServerAdmin biobank@yourdomain.edu ServerName biobank.yourdomain.edu SSLEngine on SSLCertificateFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank_cert.crt" SSLCertificateKeyFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank.key" RedirectMatch ^/$ /openspecimen ProxyPass /openspecimen ajp://localhost:8009/openspecimen ProxyPassReverse /openspecimen ajp://localhost:8009/openspecimen SSLProtocol all -TLSv1 -SSLv2 -SSLv3 SSLCipherSuite ALL:+HIGH:!ADH:!RC4:!MD5:!DES:!SHA:!3DES:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL SSLHonorCipherOrder On Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff </VirtualHost>   Note: Make sure that "SSLCertificateFile" and "SSLCertificateKeyFile" are properly located.

   
   

6. In case of the new SSL module installation (3b), edit /etc/httpd/conf.d/ssl.conf file and add below lines in <VirtualHost> tag.

   Code Block

   ServerAdmin biobank@yourdomain.edu ServerName biobank.yourdomain.edu SSLCertificateFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank_cert.crt" SSLCertificateKeyFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank.key" RedirectMatch ^/$ /openspecimen ProxyPass /openspecimen ajp://localhost:8009/openspecimen ProxyPassReverse /openspecimen ajp://localhost:8009/openspecimen SSLProtocol all -TLSv1 -SSLv2 -SSLv3 SSLCipherSuite ALL:+HIGH:!ADH:!RC4:!MD5:!DES:!SHA:!3DES:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL SSLHonorCipherOrder On Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff   Note: Remove existing entries for "SSLCertificateFile" and "SSLCertificateKeyFile". Also make sure files are located at specified path.

   
   

...

1. Enable expires module: 
   The expires module is not compiled by default and must be enabled in the Apache. To enable the expires module please run the below command:

   Code Block
   sudo a2enmod mod_expires

   
   

2. Add the below directive in the <Virtual Host> section. 
   
   

   ExpiresActive On
   ExpiresDefault "access plus 3 hours"

   After updating the Virtual Host configuration will looks like below:

   Code Block

   <VirtualHost *:443> DocumentRoot "D:\OpenSpecimen\Apache2.2\htdocs" ServerAdmin biobank@yourdomain.edu ServerName biobank.yourdomain.edu ExpiresActive On ExpiresDefault "access plus 3 hours" SSLEngine on SSLCertificateFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank_cert.crt" SSLCertificateKeyFile "D:\OpenSpecimen\Apache2.2\conf\CSR\biobank.key" RedirectMatch ^/$ /openspecimen ProxyPass /openspecimen ajp://localhost:8009/openspecimen ProxyPassReverse /openspecimen ajp://localhost:8009/openspecimen SSLProtocol all -TLSv1 -SSLv2 -SSLv3 SSLCipherSuite ALL:+HIGH:!ADH:!RC4:!MD5:!DES:!SHA:!3DES:!EXP:!SSLv2:!SSLv3:!MEDIUM:!LOW:!NULL:!aNULL SSLHonorCipherOrder On Header always set X-Frame-Options SAMEORIGIN Header always set X-Content-Type-Options nosniff </VirtualHost>