How to determine if OpenSSL and mod_ssl are installed on Apache2

Question

Does anyone know the command to determine if OpenSSL and mod_ssl are installed on Apache2?

I'm in the process of trying to install a ssl cert. The first step says that i need to ensure that I have OpenSSL and mod_ssl installed. I had assumed I had, as i enabled ssl module and had installed ssl. However when I ran the first command: openssl genrsa –des3 1024 –out www.mydomain.com.key I got what looked like help information.. So I decided to try and work out if OpenSSl and mod_ssl were installed first before i looked at the command. Hope that explains what im trying to do! Thanks, Fiona — Fiona, Sep 02 '09 at 13:33

score 34 · Accepted Answer · answered Apr 20 '12 at 16:02

34

If you have PHP installed on your server, you can create a php file, let's called it phpinfo.php and add this <?php echo phpinfo();?>, and open the file in your browser, this shows information about your system environment, to quickly find info about your Apache loaded modules, locate 'Loaded Modules' on the resulting page.

answered Apr 20 '12 at 16:02

mohamed elbou

1,829
1
18
21

6

Actually you don't need to 'echo', the function provides it's own output. – DJ Far Apr 24 '16 at 19:34

score 31 · Answer 2 · answered Mar 11 '13 at 19:59

31

If you have PHP installed on your server, you can chek it in runtime using "extension_loaded" funciontion. Just like this:

<?php
if (!extension_loaded('openssl')) {
    // no openssl extension loaded.
}
?>

answered Mar 11 '13 at 19:59

user2158343

311
3
2

This is the cleanest solution for example where I'm building a system requirements page for my installer. – qwertzman Sep 26 '16 at 15:40
This solution is the best for use in PHP code when we want to make our domain automatically redirect from http: // to https: //, thank you for saving my salary! – M. Pancadewa Mar 29 '21 at 09:54

score 24 · Answer 3 · edited Apr 04 '22 at 13:23

24

Usually, when you compile your apache2 server (or install it by packages facility stuff), you can check any directive that're available to be used by tapping this command:

~# $(which httpd) -L | grep SSL # on RHEL/CentOS/Fedora
~# $(which apache2) -L | grep SSL # on Ubuntu/Debian
~# $(which httpd2) -L | grep SSL # on SUSE

If you don't see any SSL* directive, it means that you don't have apache2 with mod_ssl compiled.

edited Apr 04 '22 at 13:23

stackprotector

10,498
4
35
64

answered Jun 10 '11 at 15:18

tunix2fr

381
3
9

1

this should be the accepted answer. Nobody was talking about PHP in the question. – eis Sep 13 '19 at 15:52

score 20 · Answer 4 · answered Sep 04 '09 at 08:15

20

The default Apache install is configured to send this information on the Server header line. You can view this for any server using the curl command.

$ curl --head http://localhost/
HTTP/1.1 200 OK
Date: Fri, 04 Sep 2009 08:14:03 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8a DAV/2 PHP/5.2.6 SVN/1.5.4 proxy_html/3.0.0

answered Sep 04 '09 at 08:15

brianegge

29,240
13
74
99

11

This is not not helpful when ServerSignature and ServerTokens are set to show limited data in Apache. – Wasif Mar 18 '13 at 11:08
in my case, no openssl appears, though mine is running. what version OS are we talking about? – tony gil Dec 19 '14 at 13:46

score 20 · Answer 5 · edited Apr 04 '22 at 13:21

20

Use the following commands.

$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (or similar output)

For RHEL/CentOS/Fedora:

$ httpd -t -D DUMP_MODULES | grep ssl
ssl_module (shared)

For Ubuntu/Debian

$ apache2 -t -D DUMP_MODULES | grep ssl
ssl_module (shared)

For SUSE

$ httpd2 -t -D DUMP_MODULES 2>&1 | grep ssl
ssl_module (shared)

edited Apr 04 '22 at 13:21

stackprotector

10,498
4
35
64

answered Jun 26 '15 at 08:58

Steve Piercy

13,693
1
44
57

score 10 · Answer 6 · answered Nov 30 '15 at 19:08

Using Apache 2, you can see what modules are currently loaded by the HTTP daemon by running the following command:

apache2ctl -M

The -M option is really just a parameter passed to httpd.

apache2ctl is a front end to the Apache HyperText Transfer Protocol (HTTP) server. It is designed to help the administrator control the functioning of the Apache apache2 daemon.
   NOTE: The default Debian configuration requires the environment variables APACHE_RUN_USER,
   APACHE_RUN_GROUP, and APACHE_PID_FILE to be set in /etc/apache2/envvars.

   The apache2ctl script returns a 0 exit value on success, and >0 if an error  occurs.   For
   more details, view the comments in the script.

Needed to run this command with `sudo` because when I did like that, it returns an error for `SSLCertificateFile: file /path/to/my/certificate/fullchain.pem does not exist or is empty`. This is a normal situation or my SSL config is not correct? — Yohan W. Dunon, Jun 24 '21 at 22:19

SherylHohman · Answer 7 · 2017-02-19T20:06:48.607

Fortunately, Most flavors of Linux have OpenSSL "out of the box".

To verify installation:

openssl version
Response:
OpenSSL 1.0.1t 3 May 2016

Note: version OpenSSL 1.0.1 through 1.0.1f (inclusive)
are vulnerable to the OpenSSL Heartbleed Bug.
Versions 1.0.1g and greater are fixed.

For additional install info:

Ubuntu/Debian
dpkg -l | grep -i openssl
Response:
ii libcrypt-openssl-random-perl 0.04-2+b1 amd64 module to access the OpenSSL pseudo-random number generator ii libcurl3:amd64 7.38.0-4+deb8u5 amd64 easy-to-use client-side URL transfer library (OpenSSL flavour) ii libgnutls-openssl27:amd64 3.3.8-6+deb8u4 amd64 GNU TLS library - OpenSSL wrapper ii openssl 1.0.1t-1+deb8u6 amd64 Secure Sockets Layer toolkit - cryptographic utility ii python-ndg-httpsclient 0.3.2-1 all enhanced HTTPS support for httplib and urllib2 using PyOpenSSL ii python-openssl 0.14-1 all Python 2 wrapper around the OpenSSL library ii ssl-cert 1.0.35 all simple debconf wrapper for OpenSSL
Yea, OpenSSL is installed!

To install OpenSSL if you don't have it, try:

Debian/Ubuntu:
sudo apt-get install openssl

RedHat/CentOS:
yum install openssl

score 4 · Answer 8 · answered Jul 13 '15 at 11:08

To determine openssl & ssl_module

# rpm -qa | grep openssl
openssl-libs-1.0.1e-42.el7.9.x86_64
openssl-1.0.1e-42.el7.9.x86_64
openssl098e-0.9.8e-29.el7.centos.2.x86_64
openssl-devel-1.0.1e-42.el7.9.x86_64

mod_ssl

# httpd -M | grep ssl

or

# rpm -qa | grep ssl

score 3 · Answer 9 · answered Sep 04 '09 at 08:05

You should install this Apache mod, http://httpd.apache.org/docs/2.0/mod/mod_info.html, it basically gives you a run down of the mods you're using and the Apache settings. I have this enabled on my Apache and it gives me this info for my website,

Server Version: Apache/2.2.3 (Debian) mod_jk/1.2.18 PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8

score 3 · Answer 10 · answered Jul 13 '14 at 01:51

If you just run openssl in your terminal it should present the openSSL shell. My first clue to knowing that I didn't have mode_ssl was when I got the following error after adding SSLEngine on in my virtualhost file:

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

In centos I just had to install it via yum install mod_ssl

score 3 · Answer 11 · edited Sep 11 '17 at 17:16

3

Just look in the ssl_engine.log in your Apache log directory where you should find something like:

[ssl:info] [pid 5963:tid 139718276048640] AH01876: mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1h

edited Sep 11 '17 at 17:16

Billal Begueradj

20,717
43
112
130

answered Dec 22 '14 at 11:18

Michael Niemand

1,578
3
23
39

score 2 · Answer 12 · answered Nov 04 '19 at 01:52

2

Create a test.php file with the following code in a www folder:

<?php echo phpinfo();?>

When you navigate to that page/URL in the browser. You will see something similar if you have openssl enabled:

answered Nov 04 '19 at 01:52

Ranch Camal

501
1
4
12

score 1 · Answer 13 · answered Mar 23 '18 at 21:19

Enable mod_ssl in httpd.conf and restart the apache. You will see the openssl information in error.log as below

[Fri Mar 23 15:13:38.448268 2018] [mpm_worker:notice] [pid 8891:tid 1] AH00292: Apache/2.4.29 (Unix) OpenSSL/1.0.2n configured -- resuming normal operations
[Fri Mar 23 15:13:38.448502 2018] [core:notice] [pid 8891:tid 1] AH00094: Command line: '/opt/apps/apache64/2.4.29/bin/httpd'

score 1 · Answer 14 · answered Mar 16 '19 at 01:01

1

to verify in php command lie

 $php -i | grep openssl

answered Mar 16 '19 at 01:01

Rafael Guimarães

400
4
10

score -1 · Answer 15 · answered Jun 09 '16 at 06:01

In my case this is how I got the information:

find where apache logs are located, and go there, in my case:

cd /var/log/apache2
find in which log openssl information can be found:

grep -i apache.*openssl *_log

e.g. error_log ...
to get fresh information, restart apache, e.g.

rcapache2 restart # or service apache2 restart
check for last entries in the log, e.g.

/var/log/apache2 # tail error_log

[Thu Jun 09 07:42:24 2016] [notice] Apache/... (Linux/...) mod_ssl/2.2.22 OpenSSL/1.0.1t ...

score -2 · Answer 16 · edited Dec 11 '18 at 09:01

-2

To find the ssl version

Go to Apache bin folder in command prompt
Enter these commands "openssl version"

edited Dec 11 '18 at 09:01

MorganFreeFarm

3,811
8
23
46

answered Dec 11 '18 at 08:45

Manighandan

1

How to determine if OpenSSL and mod_ssl are installed on Apache2

16 Answers16

To verify installation:

For additional install info:

To install OpenSSL if you don't have it, try: