1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:11 am May 1, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Apache 2.2.xx | SSl support - diffs in .conf options | semi-newbie

understanding different options for SSL support in http.conf

         

cooch17

12:46 am on Aug 27, 2017 (gmt 0)

10+ Year Member



Using Apache 2.2.xx for serving several low-traffic domains with primarily static pages (meaning, unsecure HTTP is generally fine). However, for a variety of reasons, I'm starting the slow process of re-configuring for SSL support for https connections.

In the early stages of this effort, I've noticed several things related to configuring Apache which seem to relate to the same thing. Hoping someone can help me understand the difference between the following bits of code which can, in theory, be placed itno httpd.conf:

# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf

versus (or, in addition to)

# Bring in additional module-specific configurations
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

If it helps/matters to the answer, I compile Apache from source (as opposed to downloading from a repo), on a box with a recent flavor of openssl installed. I've tried using

./configure --prefix=/usr/local/apache2 --with-included-apr \
--enable-ssl
--with-ssl=/opt/openssl-1.0.1e

and and have tried various permutes to the httpd.conf to get it working. if I try uncommenting the following, which seems like what I should do,

# Bring in additional module-specific configurations
<IfModule mod_ssl.c>
Include conf/ssl.conf
</IfModule>

system throws an error about missing ssl.conf (which makes sense, since there is no ssl.conf in conf/ssl.conf). Seems like ssl.conmf only gets installed if you yum install (or equivalent) mod_ssl. So, what do you do if you compile from source?

So, I'll start with small steps -- trying to figure out what flags I need to set during compilation, and what SSL-related things I should be configuring httpd.conf.

Thanks much in advance...

keyplyr

2:14 am on Aug 27, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Hi cooch17
unsecure HTTP is generally fine
It won't be fine very soon. All pages, with or without a LogIn or Payment utility, will soon be required to be secure... so good you're getting this done.


<slightly off topic, my apologies if this is unwarranted>
Using Apache 2.2
2.2 went end of life with the release of 2.2.34 in mid July and has a list of vulnerabilities. Anyway you could upgrade to Apache 2.4? That's what I'd do if I was configuring a new server.

Some of the benefits of HTTPS can only be achieved with 2.4.

Also...
• 2.4 processes faster.
• 2.4 supports HTTP/2 greatly increasing download speeds with multi-threading.
• 2.4 is more developed with Windows in mind.
• 2.4 is more stable.
• 2.4 introduces harmonization of authentication and authorization mechanisms.
• 2.4 introduces new authorization container directives.

Note: Before doing an upgrade from 2.2 to 2.4, you should update your Apache configuration accordingly to avoid deprecated directive failure.

lucy24

4:01 am on Aug 27, 2017 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



<IfModule mod_ssl.c>
If it's your own server, there is absolutely no earthly reason for the <IfModule> envelope. Either you've got the mod or you don't.

cooch17

2:53 pm on Aug 27, 2017 (gmt 0)

10+ Year Member



Yes, its my own server. So, --enable-ssl (which I do during the compilation) is not the same as mod_ssl? And related, what is the difference between httpd-ssl.conf and ssl.conf?
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 11:11 am May 1, 2026