Home | About Chris Hope | Contact Chris Hope | Search:

Installing mod_ssl on Apache on CentOS 5

Posted September 20th, 2007 in Apache (Updated September 21st, 2007)

I was moving a customer's website from its old dedicated web server to a shiny new one, installing CentOS 5 on it with Apache 2.2 (known simply as "httpd" on RedHat Enterprise Linux and therefore CentOS, which is derived from RHEL) and MySQL 5.0. They already had a secure certificate running on the old site, so I copied the certificate files over and the secure server settings into the appropriate configuration file.

I then ran the command

sudo service httpd reload

to reload Apache and take in the new configuration settings but instead of it being reloaded I got this error message instead:

Syntax error on line 35 of /etc/httpd/vhosts.d/plates.conf:
Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

I had forgotten to install mod_ssl as part of Apache. A quick yum search mod_ssl revealed:

$ yum search mod_ssl
Loading "installonlyn" plugin
Setting up repositories
Reading repository metadata in from local files

mod_ssl.x86_64                           1:2.2.3-6.el5.centos.1 base
Matched from:
mod_ssl
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols.

mod_ssl.x86_64                           1:2.2.3-7.el5.centos   updates
Matched from:
mod_ssl
The mod_ssl module provides strong cryptography for the Apache Web
server via the Secure Sockets Layer (SSL) and Transport Layer
Security (TLS) protocols.

So all I needed to do was:

sudo yum install mod_ssl

This automatically configured Apache to use SSL when it was restarted, by adding the file /etc/httpd/conf.d/ssl.conf which contains the necessary stuff to enable SSL. I restarted Apache with a sudo service httpd restart and was good to go.

Update: I discovered that there were errors and it wasn't actually using the valid secure certificate. Read more details about this in the Default virtualhost's secure certificate used with mod_ssl post.