Simple step by step guide to Configure SSL for APACHE webserver in RHEL/Centos/Oracle linux(5/6/7)


Simple step by step guide to Configure SSL for APACHE webserver in RHEL/Centos/Oracle linux(5/6/7)

In this article we learn how to configure SSL certificate for APACHE webserver in linux. SSL stands for secure socket layer which is used to transfer data over internet securely. Thus confidential data are transferred over internet in encrypted format for that hacker are not able to view the data and your confidential data kept secure.

Pre-requisite of configure SSL certificate for APACHE  webserver

To configure SSL certificate for APACHE webserver we need to install APACHE webserver package. To install the APACHE webserver packages please follow the below link.


After the we need to configure Virtual hosts. To do this follow the below steps.
Lets take an example we have a websites example1.com which will be hosted on a ip address which is 192.168.137.3.

To configure this we need to go to the configuration file of the APACHE webserver and create the VIrtualHosts.

<VirtualHost 192.168.137.3:80>
    ServerAdmin webmaster@example1.com
    DocumentRoot /var/www/html/example1.com
    ServerName example1.com
    ErrorLog logs/example1.com
    CustomLog logs/example1.com common
</VirtualHost>

Now we have to create the Document Root for this website. To create the Document Root we need to go “/var/www/html” directory and create one directory which is “example1.com” and then create index.html file inside the directory.

[root@localhost ~]# cd /var/www/html
[root@localhost html]# pwd
/var/www/html
[root@localhost html]# mkdir example1.com
 [root@localhost html]# cd example1.com/
[root@localhost example1.com]# echo "welcome to example1" > index.html

If we don’t have DNS server we entry the hostname of the server in”/etc/hosts” file.
After doing the above activity we start the APACHE webserver using the below command.
For linux(5/6)
#service httpd start
For linux7
#systemctl start httpd

To verify the service we execute curl command .
[root@localhost ~]# curl http://example1.com
welcome to example1

Steps to Configure SSL for APACHE webserver in linux(5/6/7)

Step1: to configure SSL certificate for APACHE server we need to install two packages one is openssl  and other is mod_ssl.

To install these two packages we need to execute the below command.

[root@localhost ~]# yum install openssl mod_ssl
Loaded plugins: ulninfo
Setting up Install Process
……
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.2.15-69.0.1.el6 will be installed
---> Package openssl.x86_64 0:1.0.1e-48.el6 will be updated
---> Package openssl.x86_64 0:1.0.1e-57.0.6.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package      Arch        Version                  Repository              Size
================================================================================
…….
Transaction Summary
==============================================================================
Install       1 Package(s)
Upgrade       1 Package(s)

Total download size: 1.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): mod_ssl-2.2.15-69.0.1.el6.x86_64.rpm            |  98 kB     00:01
(2/2): openssl-1.0.1e-57.0.6.el6.x86_64.rpm            | 1.5 MB     00:22
------------------------------------------------------------------------------
Total                                          64 kB/s | 1.6 MB     00:25
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : openssl-1.0.1e-57.0.6.el6.x86_64                           1/3
  Installing : 1:mod_ssl-2.2.15-69.0.1.el6.x86_64                         2/3
  Cleanup    : openssl-1.0.1e-48.el6.x86_64                               3/3
  Verifying  : openssl-1.0.1e-57.0.6.el6.x86_64                           1/3
  Verifying  : 1:mod_ssl-2.2.15-69.0.1.el6.x86_64                         2/3
  Verifying  : openssl-1.0.1e-48.el6.x86_64                               3/3

Installed:
  mod_ssl.x86_64 1:2.2.15-69.0.1.el6

Updated:
  openssl.x86_64 0:1.0.1e-57.0.6.el6

Complete!

 

Step2: Generate private key using the below command.

[root@localhost ~]# openssl genrsa -out example.key 2048
Generating RSA private key, 2048 bit long modulus
...............................................................................................................+++
................+++
e is 65537 (0x10001)

Step3:Generate CSR using the below command.

[root@localhost ~]# openssl  req -new -key example.key -out example.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:county name
State or Province Name (full name) []:state name
Locality Name (eg, city) [Default City]:city name
Organization Name (eg, company) [Default Company Ltd]:company name
Organizational Unit Name (eg, section) []:section name
Common Name (eg, your name or your server's hostname) []:hostname
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Step4:Generate self-signed certificate  using the below command.

[root@localhost ~]# openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt
Signature ok
Getting Private key

Step5:copy key,csr and crt to the following location .

[root@localhost ~]# cp example.crt /etc/pki/tls/certs/
[root@localhost ~]# cp example.key /etc/pki/tls/private/
[root@localhost ~]# cp example.csr /etc/pki/tls/private/

Step6: configure SSL with ssl.conf file
Edit the” /etc/httpd/conf.d/ssl.conf” file and find SSLCertificateFile and  SSLCertificateKeyFile  and set the exact location .

SSLCertificateFile /etc/pki/tls/certs/example.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.key

Step7: configure SSL with virtualhosts
Replace 80 port with 443 and add the below lines between < VirtualHost></ VirtualHost>.

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.key

Now restart the APACHE webserver using the below command
For linux(5/6)
#service httpd restart
For linux7
#systemctl restart httpd

Now open the browser and type https://server ipaddress  and we will find the below output.


 
Simple step by step guide to Configure SSL for APACHE webserver in linux(5/6/7)

              Simple step by step guide to Configure SSL for APACHE webserver in linux(5/6/7)

















Please Donate To Bitcoin Address: [[address]]
Donation of [[value]] BTC Received. Thank You.
[[error]]
SHARE

Admin

  • Image
  • Image
  • Image
  • Image
  • Image
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment