Securing Apache with SSL certificate
1. Install mod_ssl and openssl
[root@tct ~]# yum install mod_ssl openssl
Using OpenSSL we will generate a self-signed certificate. On a production server you will probably want a certificate from a trusted certificate authority, but for a personal site or for testing purposes a self-signed certificate is fine. To create the key you need to be root, so either su to root or put sudo in front of the commands.
1. Generate the private key (use at least 2048 bits; 1024-bit RSA keys are no longer considered secure)
[root@tct ~]# openssl genrsa -out cert.key 2048
2. Generate the CSR (certificate signing request)
[root@tct ~]# openssl req -new -key cert.key -out cert.csr
3. Generate the self-signed certificate
[root@tct ~]# openssl x509 -req -days 365 -in cert.csr -signkey cert.key -out cert.crt
4. Copy the files to the correct locations
[root@tct ~]# cp cert.crt /etc/pki/tls/certs
[root@tct ~]# cp cert.key /etc/pki/tls/private
[root@tct ~]# cp cert.csr /etc/pki/tls/private
5. Point Apache at the certificate and key
[root@tct ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/cert.crt
SSLCertificateKeyFile /etc/pki/tls/private/cert.key
:wq to save and exit
6. Now restart Apache
[root@tct ~]# /etc/init.d/httpd restart; chkconfig httpd on
7. Now open the URL to check that SSL is working, using https://url
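Added example (not part of the original post): a shell function that checks the files produced by the steps above before Apache is restarted. It confirms that the certificate was issued for the private key, that the RSA key is at least 2048 bits, that the certificate has not expired, and that the key file is not readable by group or others. The function name check_pair and the MIN_BITS threshold are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks on a certificate/key pair before restarting Apache.
# Usage: check_pair CERT KEY   (returns 0 if every check passes, 1 otherwise)
MIN_BITS=2048   # assumption of this example: smallest RSA key size accepted

check_pair() {
    cert=$1; key=$2; rc=0

    # RSA modulus of each file, printed as "Modulus=<hex>"; empty if unreadable.
    cert_mod=$(openssl x509 -in "$cert" -noout -modulus 2>/dev/null)
    key_mod=$(openssl rsa -in "$key" -noout -modulus 2>/dev/null)

    # 1. The certificate must have been issued for this private key.
    if [ -z "$cert_mod" ] || [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL: $cert and $key do not belong together"; rc=1
    fi

    # 2. Key length: each hex digit of the modulus carries 4 bits.
    hex=${key_mod#Modulus=}
    bits=$(( ${#hex} * 4 ))
    if [ "$bits" -lt "$MIN_BITS" ]; then
        echo "FAIL: key is $bits bits, want at least $MIN_BITS"; rc=1
    fi

    # 3. The certificate must not be expired (-checkend 0 = still valid now).
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable"; rc=1
    fi

    # 4. The private key must not be accessible to group or others.
    perms=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/others (chmod 600 it)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert / $key"
    return "$rc"
}

# When run as a script with two arguments, check that pair.
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

Saved to a file, it can be run as root against the installed copies: sh followed by the file name, /etc/pki/tls/certs/cert.crt and /etc/pki/tls/private/cert.key.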
Setting up SSL for the virtual hosts
NameVirtualHost *:443
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/cert.crt
    SSLCertificateKeyFile /etc/pki/tls/private/cert.key
    ServerAdmin root@example.com
    DocumentRoot /var/www/html
    ServerName root.example.com
    DirectoryIndex test.html
    # The logs/test directory must already exist, or Apache will not start
    ErrorLog logs/test/error_log
    CustomLog logs/test/access_log common
</VirtualHost>