How to Enable SSL for CSWapache2

If you’ve spent any time at all around Solaris 10, you know that Sun has invested a fair amount of effort developing a pretty snazzy Service Management Facility (SMF). It is extremely flexible and feature rich, but it’s not quite as strait forward as the old legacy /etc/init.d scripts. If you’re running the OpenCSW Apache package, it installs a Service Manifest into the SMF, so you’ll have to edit this to run Apache SSL… Here’s how:


# svccfg

svc:> select cswapache2
svc:/network/http:cswapache2> listprop httpd/ssl

httpd/ssl  boolean  false

svc:/network/http:cswapache2> setprop httpd/ssl=true
svc:/network/http:cswapache2> exit

Now, make the changes active:


# svcadm disable cswapache2
# svcadm enable cswapache2
# svcprop -p httpd/ssl svc:/network/http:cswapache2

false

# svcadm refresh cswapache2
# svcprop -p httpd/ssl svc:/network/http:cswapache2

true

MySQL Connection Over an ssl Tunnel

Rather than leave MySQL open to the world, consider firewalling it off and tunneling a connection over ssh.

This command will allow you to connect to your MySQL server on hostname.domain.com on localhost:7777.

ssh -L7777:127.0.0.1:3306 user@hostname.domain.com