Setup SSL certificate with ATS & Apache httpd
Alexander Yurchik
2017-09-13 10:04:19 UTC
Hello

I have ATS & Apache httpd installed and configured to run my site.
Both run on the same machine. ATS is version 5.x.
ATS listens on port 80 and my config for ports is:

CONFIG proxy.config.http.server_ports STRING 80

Now I obtained an SSL certificate from the Let's Encrypt project and want my
site to be available via https as well.
How can I do that?

Now my idea is to create an SSL-enabled virtual host in Apache httpd and just
configure ATS to listen on port 443 and map the https URL to Apache's virtual
host with SSL enabled. So basically I just need to set up ATS to listen on
443 and do the proper mapping.

OR

Maybe I don't need to set up SSL in Apache and all SSL stuff should be
configured at the ATS level? If so, how can I do that?

Thanks!
Reindl Harald
2017-09-13 11:53:31 UTC
Post by Alexander Yurchik
Hello
I have ATS & Apache httpd installed and configured to run my site.
Both run on the same machine. ATS is version 5.x.
CONFIG proxy.config.http.server_ports STRING 80
Now I obtained an SSL certificate from the Let's Encrypt project and want my
site to be available via https as well.
How can I do that?
Now my idea is to create an SSL-enabled virtual host in Apache httpd and
just configure ATS to listen on port 443 and map the https URL to Apache's
virtual host with SSL enabled. So basically I just need to set up ATS to
listen on 443 and do the proper mapping.
OR
Maybe I don't need to set up SSL in Apache and all SSL stuff should be
configured at the ATS level? If so, how can I do that?
First, throw away version 5.x - it's a joke when it comes to TLS. Bad
enough that 7.1.1 still doesn't support an RSA/ECDSA dual stack, but 5.x, as far
as I remember, did not even support DHE and other ciphers properly.

When you have a proxy in front there is no need to configure https on
the backend - google for "TLS offloading". The client never talks to
the httpd machine and it makes no sense to encrypt the traffic between
frontend and backend, especially when both are on the same machine.

records.config:
CONFIG proxy.config.http.server_ports STRING 80 443:ssl

remap.config:
map http://whatever http://backend
map https://whatever http://backend

remap.config when you want to enforce https:
map http://whatever https://whatever
map https://whatever http://backend

ssl_multicert.config:
ssl_cert_name=/path/to/your/certificate-including-the-chain.pem

If you don't know how to make a sane PEM file containing the whole
chain, certificate and key, just read
https://docs.trafficserver.apache.org/en/4.2.x/reference/configuration/ssl_multicert.config.en.html
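To assemble that combined PEM file from Let's Encrypt's output and sanity-check it before pointing ssl_cert_name at it, here is an added Python example (not code from the thread or from the ATS project). The file names fullchain.pem and privkey.pem are Let's Encrypt's defaults; the PEM bodies in the demo are constructed, not real keys.

```python
import base64
import re

# One PEM object: the label in the BEGIN/END lines and the base64 body between.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z ]+)-----\r?\n(.*?)\r?\n?-----END \1-----", re.S)

def pem_blocks(text):
    """Return (label, body) for every PEM block in file order."""
    return [(m.group(1), m.group(2)) for m in PEM_BLOCK.finditer(text)]

def build_bundle(fullchain_pem, privkey_pem):
    """Join fullchain.pem (leaf cert first, then intermediates) and privkey.pem
    into the single file that ssl_cert_name in ssl_multicert.config expects."""
    return fullchain_pem.rstrip("\n") + "\n" + privkey_pem.rstrip("\n") + "\n"

def check_bundle(text):
    """Return a list of problems; an empty list means the bundle looks sane."""
    problems = []
    blocks = pem_blocks(text)
    labels = [label for label, _ in blocks]
    keys = [label for label in labels if label.endswith("PRIVATE KEY")]
    if not labels or labels[0] != "CERTIFICATE":
        problems.append("first block must be the server (leaf) certificate")
    if labels.count("CERTIFICATE") == 1:
        problems.append("only one certificate: chain is missing (fine only if self-signed)")
    if len(keys) != 1:
        problems.append(f"expected exactly one private key, found {len(keys)}")
    if "ENCRYPTED PRIVATE KEY" in labels or "Proc-Type: 4,ENCRYPTED" in text:
        problems.append("private key is passphrase-protected; ATS cannot load it unattended")
    for label, body in blocks:
        # Drop legacy RFC 1421 header lines (e.g. "DEK-Info:") before decoding.
        b64 = "".join(line for line in body.splitlines() if ":" not in line)
        try:
            base64.b64decode(b64, validate=True)
        except ValueError:  # binascii.Error is a ValueError
            problems.append(f"{label} block is truncated or not valid base64")
    return problems

if __name__ == "__main__":
    # Constructed stand-ins for the real files; bodies are placeholder base64.
    cert = "-----BEGIN CERTIFICATE-----\nQUJDRA==\n-----END CERTIFICATE-----\n"
    key = "-----BEGIN PRIVATE KEY-----\nRUZHSA==\n-----END PRIVATE KEY-----\n"
    bundle = build_bundle(cert + cert, key)
    print(check_bundle(bundle) or "bundle OK")
    print(check_bundle(key + cert))  # key first, no chain: two findings
```

Write the resulting bundle with a 0600 mode, since it holds the private key, and re-run the check after every certificate renewal.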