How do I activate SSL on the Urchin Webserver?
The Urchin webserver that ships with Urchin is capable of encrypting communication via SSL. To enable SSL, you will need to have either a valid certificate signed by a certificate authority or a self-signed certificate.
To enable SSL in the Urchin webserver:
- Copy your SSL certificate file into the Urchin var directory and name it server.crt
- Copy your SSL key file into the Urchin var directory and name it server.key
- Edit the urchinwebd.conf.template file located in the Urchin var directory.
- (Skip this step if you are using Urchin 6.6+.) Comment out the Port line and uncomment the Listen directive.
#XXXPortXXX Listen 443
Change the ServerName directive from localhost to the name of your webserver. For example:
ServerName: www.urchin.com
NOTE: The ServerName in the urchinwebd.conf.template file needs to match the name of the server that is in the certificate file.
- (Skip this step if you are using Urchin 6.6+.) Comment out the Port line and uncomment the Listen directive.
- Start or restart the webserver using urchinctl with the -e option. Urchinctl is located in the Urchin bin directory. The -e option instructs urchinctl to enable SSL in the webserver. For example, to restart the webserver with SSL enabled on port 443: For versions prior to Urchin 6.6:
urchinctl -e -w restart
For Urchin 6.6+:urchinctl -e -p 443 -w restart
Note: To start the server without SSL enabled, leave out the -e option.
You should now be able to access your SSL enabled server using https://servername.domain.com:port/
Note: Customizing the SSL settings in the urchinwebd.conf.template may result in problems that could prohibit the webserver from starting.
Windows Instructions
To enable SSL in the Urchin webserver:
- Copy your SSL certificate file into the Urchin var directory and name it server.crt
- Copy your SSL key file into the Urchin var directory and name it server.key
- Edit the urchinwebd.conf.template file located in the Urchin var directory.
- (Skip this step if you are using Urchin 6.6+.) Comment out the Port line and uncomment the Listen directive.
#XXXPortXXX Listen 443
- Uncomment the following line to load mod_ssl.so when the webserver starts:
LoadModule ssl_module etc/mod_ssl.so
Change the ServerName directive from localhost to the name of your webserver. For example:
ServerName: www.urchin.com
NOTE: The ServerName in the urchinwebd.conf.template file needs to match the name of the server that is in the certificate file.
- (Skip this step if you are using Urchin 6.6+.) Comment out the Port line and uncomment the Listen directive.
- Remove and install the webserver service using urchinctl with the -e option. Urchinctl is located in the Urchin bin directory. The -e option instructs urchinctl to enable SSL in the webserver. For example, to remove and install the webserver with SSL enabled on port 443: For versions prior to Urchin 6.6:
urchinctl.exe -w remove urchinctl.exe -w -e install
For Urchin 6.6+:urchinctl.exe -w remove urchinctl.exe -e -p 443 -w install
Note: To start the server without SSL enabled, leave out the -e option.
You should now be able to access your SSL enabled server using https://servername.domain.com:port/
Note: Customizing the SSL settings in the urchinwebd.conf.template may result in problems that could prohibit the webserver from starting.