How to determine if OpenSSL and mod_ssl are installed on Apache2

Does anyone know the command to determine if OpenSSL and mod_ssl are installed on Apache2?

If you have PHP installed on your server, you can create a php file, let's called it phpinfo.php and add this <?php echo phpinfo();?>, and open the file in your browser, this shows information about your system environment, to quickly find info about your Apache loaded modules, locate 'Loaded Modules' on the resulting page.

If you have PHP installed on your server, you can chek it in runtime using "extension_loaded" funciontion. Just like this:

<?php
if (!extension_loaded('openssl')) {
    // no openssl extension loaded.
}
?>

Usually, when you compile your apache2 server (or install it by packages facility stuff), you can check any directive that're available to be used by tapping this command:

~# $(which httpd) -L | grep SSL # on RHEL/CentOS/Fedora
~# $(which apache2) -L | grep SSL # on Ubuntu/Debian
~# $(which httpd2) -L | grep SSL # on SUSE

If you don't see any SSL* directive, it means that you don't have apache2 with mod_ssl compiled.

The default Apache install is configured to send this information on the Server header line. You can view this for any server using the curl command.

$ curl --head http://localhost/
HTTP/1.1 200 OK
Date: Fri, 04 Sep 2009 08:14:03 GMT
Server: Apache/2.2.8 (Unix) mod_ssl/2.2.8 OpenSSL/0.9.8a DAV/2 PHP/5.2.6 SVN/1.5.4 proxy_html/3.0.0

Use the following commands.

$ openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013 (or similar output)

For RHEL/CentOS/Fedora:

$ httpd -t -D DUMP_MODULES | grep ssl
ssl_module (shared)

For Ubuntu/Debian

$ apache2 -t -D DUMP_MODULES | grep ssl
ssl_module (shared)

For SUSE

$ httpd2 -t -D DUMP_MODULES 2>&1 | grep ssl
ssl_module (shared)

Using Apache 2, you can see what modules are currently loaded by the HTTP daemon by running the following command:

apache2ctl -M

The -M option is really just a parameter passed to httpd.

> apache2ctl is a front end to the Apache HyperText Transfer Protocol > (HTTP) server. It is > designed to help the administrator control the functioning of the Apache apache2 daemon. > > NOTE: The default Debian configuration requires the environment variables APACHE_RUN_USER, > APACHE_RUN_GROUP, and APACHE_PID_FILE to be set in /etc/apache2/envvars. > > The apache2ctl script returns a 0 exit value on success, and >0 if an error occurs. For > more details, view the comments in the script.

Fortunately, Most flavors of Linux have OpenSSL "out of the box".

#To verify installation: openssl version
Response:

Note: version OpenSSL 1.0.1 through 1.0.1f (inclusive)
are vulnerable to the OpenSSL Heartbleed Bug.
Versions 1.0.1g and greater are fixed.

#For additional install info: Ubuntu/Debian
dpkg -l | grep -i openssl
Response:

ii  libcurl3:amd64                 7.38.0-4+deb8u5 amd64  easy-to-use client-side URL transfer library (OpenSSL flavour)  
ii  libgnutls-openssl27:amd64      3.3.8-6+deb8u4  amd64  GNU TLS library - OpenSSL wrapper  
ii  openssl                        1.0.1t-1+deb8u6 amd64  Secure Sockets Layer toolkit - cryptographic utility  
ii  python-ndg-httpsclient         0.3.2-1         all    enhanced HTTPS support for httplib and urllib2 using PyOpenSSL  
ii  python-openssl                 0.14-1          all    Python 2 wrapper around the OpenSSL library  
ii  ssl-cert                       1.0.35          all    simple debconf wrapper for OpenSSL

Yea, OpenSSL is installed!

#To install OpenSSL if you don't have it, try:
Debian/Ubuntu:
sudo apt-get install openssl

RedHat/CentOS:
yum install openssl

To determine openssl & ssl_module

# rpm -qa | grep openssl
openssl-libs-1.0.1e-42.el7.9.x86_64
openssl-1.0.1e-42.el7.9.x86_64
openssl098e-0.9.8e-29.el7.centos.2.x86_64
openssl-devel-1.0.1e-42.el7.9.x86_64

mod_ssl

# httpd -M | grep ssl

or

# rpm -qa | grep ssl

You should install this Apache mod, http://httpd.apache.org/docs/2.0/mod/mod_info.html, it basically gives you a run down of the mods you're using and the Apache settings. I have this enabled on my Apache and it gives me this info for my website,

Server Version: Apache/2.2.3 (Debian) mod_jk/1.2.18 PHP/5.2.0-8+etch13 mod_ssl/2.2.3 OpenSSL/0.9.8c mod_perl/2.0.2 Perl/v5.8.8

If you just run openssl in your terminal it should present the openSSL shell. My first clue to knowing that I didn't have mode_ssl was when I got the following error after adding SSLEngine on in my virtualhost file:

Invalid command 'SSLEngine', perhaps misspelled or defined by a module not included in the server configuration

In centos I just had to install it via yum install mod_ssl

Just look in the ssl_engine.log in your Apache log directory where you should find something like:

[ssl:info] [pid 5963:tid 139718276048640] AH01876: mod_ssl/2.4.9 compiled against Server: Apache/2.4.9, Library: OpenSSL/1.0.1h

Create a test.php file with the following code in a www folder:

<?php echo phpinfo();?>

When you navigate to that page/URL in the browser. You will see something similar if you have openssl enabled:

Enable mod_ssl in httpd.conf and restart the apache. You will see the openssl information in error.log as below

[Fri Mar 23 15:13:38.448268 2018] [mpm_worker:notice] [pid 8891:tid 1] AH00292: Apache/2.4.29 (Unix) OpenSSL/1.0.2n configured -- resuming normal operations
[Fri Mar 23 15:13:38.448502 2018] [core:notice] [pid 8891:tid 1] AH00094: Command line: '/opt/apps/apache64/2.4.29/bin/httpd'

to verify in php command lie

 $php -i | grep openssl

In my case this is how I got the information:

• find where apache logs are located, and go there, in my case:

  cd /var/log/apache2

• find in which log openssl information can be found:

  grep -i apache.*openssl *_log

  e.g. error_log ...

• to get fresh information, restart apache, e.g.

  rcapache2 restart # or service apache2 restart

• check for last entries in the log, e.g.

  /var/log/apache2 # tail error_log

  [Thu Jun 09 07:42:24 2016] [notice] Apache/... (Linux/...) mod_ssl/2.2.22 OpenSSL/1.0.1t ...

To find the ssl version

1. Go to Apache bin folder in command prompt
2. Enter these commands "openssl version"