Simple step by step guide to Configure SSL for APACHE webserver in RHEL/Centos/Oracle linux(5/6/7)
In this
article we learn how to configure SSL certificate for APACHE webserver in linux.
SSL stands for secure socket layer which is used to transfer data over internet
securely. Thus confidential data are transferred over internet in encrypted format
for that hacker are not able to view the data and your confidential data kept
secure.
Pre-requisite of configure SSL certificate for APACHE webserver
To
configure SSL certificate for APACHE webserver we need to install APACHE
webserver package. To install the APACHE webserver packages please follow the
below link.
After the
we need to configure Virtual hosts. To do this follow the below steps.
Lets take
an example we have a websites example1.com which will be hosted on a ip address
which is 192.168.137.3.
To
configure this we need to go to the configuration file of the APACHE webserver
and create the VIrtualHosts.
<VirtualHost
192.168.137.3:80>
ServerAdmin webmaster@example1.com
DocumentRoot /var/www/html/example1.com
ServerName example1.com
ErrorLog logs/example1.com
CustomLog logs/example1.com common
</VirtualHost>
Now we have
to create the Document Root for this website. To create the Document Root we
need to go “/var/www/html” directory and create one directory which is “example1.com”
and then create index.html file inside the directory.
[root@localhost ~]# cd
/var/www/html
[root@localhost html]#
pwd
/var/www/html
[root@localhost html]#
mkdir example1.com
[root@localhost html]# cd example1.com/
[root@localhost
example1.com]# echo "welcome to example1" > index.html
If we don’t have DNS server we entry
the hostname of the server in”/etc/hosts” file.
After doing the above activity we
start the APACHE webserver using the below command.
For linux(5/6)
#service httpd start
For linux7
#systemctl start httpd
To verify the service we execute
curl command .
[root@localhost ~]#
curl http://example1.com
welcome to example1
Steps to Configure SSL for APACHE webserver in linux(5/6/7)
Step1: to
configure SSL certificate for APACHE server we need to install two packages one
is openssl and other is mod_ssl.
To install
these two packages we need to execute the below command.
[root@localhost ~]#
yum install openssl mod_ssl
Loaded plugins: ulninfo
Setting up Install
Process
……
Resolving Dependencies
--> Running
transaction check
---> Package
mod_ssl.x86_64 1:2.2.15-69.0.1.el6 will be installed
---> Package
openssl.x86_64 0:1.0.1e-48.el6 will be updated
---> Package
openssl.x86_64 0:1.0.1e-57.0.6.el6 will be an update
--> Finished
Dependency Resolution
Dependencies
Resolved
================================================================================
Package
Arch Version Repository Size
================================================================================
…….
Transaction
Summary
==============================================================================
Install 1 Package(s)
Upgrade 1 Package(s)
Total download size:
1.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/2):
mod_ssl-2.2.15-69.0.1.el6.x86_64.rpm
| 98 kB 00:01
(2/2):
openssl-1.0.1e-57.0.6.el6.x86_64.rpm
| 1.5 MB 00:22
------------------------------------------------------------------------------
Total 64
kB/s | 1.6 MB 00:25
Running
rpm_check_debug
Running Transaction
Test
Transaction Test
Succeeded
Running Transaction
Updating
: openssl-1.0.1e-57.0.6.el6.x86_64 1/3
Installing :
1:mod_ssl-2.2.15-69.0.1.el6.x86_64 2/3
Cleanup
: openssl-1.0.1e-48.el6.x86_64 3/3
Verifying
: openssl-1.0.1e-57.0.6.el6.x86_64 1/3
Verifying
: 1:mod_ssl-2.2.15-69.0.1.el6.x86_64 2/3
Verifying
: openssl-1.0.1e-48.el6.x86_64 3/3
Installed:
mod_ssl.x86_64 1:2.2.15-69.0.1.el6
Updated:
openssl.x86_64 0:1.0.1e-57.0.6.el6
Complete!
Step2:
Generate private key using the below command.
[root@localhost ~]# openssl
genrsa -out example.key 2048
Generating RSA private
key, 2048 bit long modulus
...............................................................................................................+++
................+++
e is 65537 (0x10001)
Step3:Generate CSR using the below
command.
[root@localhost ~]#
openssl req -new -key example.key -out
example.csr
You are about to be
asked to enter information that will be incorporated
into your certificate
request.
What you are about to
enter is what is called a Distinguished Name or a DN.
There are quite a few
fields but you can leave some blank
For some fields there
will be a default value,
If you enter '.', the
field will be left blank.
-----
Country Name (2 letter
code) [XX]:county name
State or Province Name
(full name) []:state name
Locality Name (eg,
city) [Default City]:city name
Organization Name (eg,
company) [Default Company Ltd]:company name
Organizational Unit
Name (eg, section) []:section name
Common Name (eg, your
name or your server's hostname) []:hostname
Email Address []:
Please enter the
following 'extra' attributes
to be sent with your
certificate request
A challenge password
[]:
An optional company
name []:
Step4:Generate self-signed
certificate using the below command.
[root@localhost ~]#
openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt
Signature ok
Getting Private key
Step5:copy key,csr and crt to the
following location .
[root@localhost ~]# cp
example.crt /etc/pki/tls/certs/
[root@localhost ~]# cp
example.key /etc/pki/tls/private/
[root@localhost ~]# cp
example.csr /etc/pki/tls/private/
Step6: configure
SSL with ssl.conf file
Edit the” /etc/httpd/conf.d/ssl.conf”
file and find SSLCertificateFile and SSLCertificateKeyFile and set the exact location .
SSLCertificateFile /etc/pki/tls/certs/example.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.key
Step7: configure
SSL with virtualhosts
Replace 80 port with 443 and add the
below lines between < VirtualHost></
VirtualHost>.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/example.crt
SSLCertificateKeyFile /etc/pki/tls/private/example.key
Now restart the APACHE webserver
using the below command
For linux(5/6)
#service httpd restart
For linux7
#systemctl restart
httpd
Now open the browser and type https://server ipaddress and we will find the below output.
Simple step by step guide to Configure SSL for APACHE webserver in linux(5/6/7)
Please Donate To Bitcoin Address: [[address]]
Donation of [[value]] BTC Received. Thank You.
[[error]]
0 comments:
Post a Comment