Using SSL / Secure Pages for Drupal

We encourage users to post events happening in the community to the community events group on https://www.drupal.org.
sclapp's picture
Posted by sclapp on July 14, 2011 at 4:45pm

Is anyone out there using SSL for secure logins on their Drupal installation? I'm trying to test the use of SSL in conjunction with CAS / Secure Pages to see if it works for us, but I'm running into configuration troubles on my Acquia DAMP stack, which I use for testing (on a Win PC). I think the issue may be as basic as being at the OpenSSL or Apache level, but I'm not sure. It looks like php was built with openssl enabled in the Acquia stack (per phpinfo).

I can get OpenSSL to generate a self-signed certificate, but when I run a test of the new certificate (per instructions at http://www.madboa.com/geek/openssl/#cert-self), it doesn't complete successfully. It hangs, then I get an error 10004 for using Ctrl-C to stop it, I believe. Another test method - going to the listen port (4443) on the server isn't working either. The Acquia DAMP stack by default uses port 8082 for regular http.

I'm not well-versed in Apache admin or SSL, so I don't know if there's some setting that has to be tweaked in Apache to make all of this happen. Haven't even gotten to the level of testing/configuring the CAS or Secure Pages modules, since I need SSL running successfully first. Hope this makes sense, apologies if not.

Comments

Is the apache module enabled for SSL?

Posted by beanworks on July 15, 2011 at 7:46pm
beanworks's picture

There should be a mod_ssl, and a ssl-global.conf file which will need to be configured.

For many reasons, a captive

Posted by highermath on July 19, 2011 at 11:25pm
highermath's picture

For many reasons, a captive stack like Acquia or XAMPP is sub-optimal for doing this type of work. It can be done, but the number of potential gotchas is daunting.

If you can't come up with a dev server, even if it is the old netbook you were going to use as a doorstop, the next best thing is a virtual server with its own IP address. That way you don't have to deal with non-standard port numbers, and you can more closely mimic what you intend to do in production.

You might want to look at Oracle's free VirtualBox for this. You can either set up a server from scratch, or download a prebuilt virtual machine. Did I mention that it is free.

I once did a demo (of Evergreen) using Keynote and Firefox on my directly on my Mac, a Linux server in one VM, and a Windows client in another. To everyone's amazement, not the least of which my own, it went swimmingly.

If you're using Drupal 6,

Posted by c4rl on July 20, 2011 at 3:05am
c4rl's picture

If you're using Drupal 6, consider http://drupal.org/project/securepages_prevent_hijack

Drupal and Apache, all pages SSL

Posted by generalelektrix on July 20, 2011 at 1:53pm
generalelektrix's picture

I followed the link to this module and found one to this article: http://drupalscout.com/knowledge-base/drupal-and-ssl-multiple-recipes-po.... There's a partial solution on how to make all pages SSL, which is what I did with our site at https://rvmweb.bibl.ulaval.ca/. But as someone mentionned earlier, you will also have to deal with SSL configuration in conf/extra/httpd-ssl.conf and add a line to httpd.conf: Include conf/extra/httpd-ssl.conf.

There are good examples of SSL configuration in the Apache documentation for various platforms.

Libraries

Group organizers

Group categories

Resources

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds: