Here we are going to configuring Apache using SSL using self-signed certificates using openssl.
I preassume that you already configured your webserver and its running perfectly.
Firstly install the openssl package using yum command
# yum install openssl -y
I preassume that you already configured your webserver and its running perfectly.
Firstly install the openssl package using yum command
# yum install openssl -y
# openssl genrsa -des3 -out server.key 1024
Generating RSA private key, 1024 bit long modulus
.................................++++++
Generating RSA private key, 1024 bit long modulus
.................................++++++
..............................
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: (Here Enter the passphrase you entered in the first step)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:ANDHRA PRADESH
Locality Name (eg, city) [Newbury]:HYDERABAD
Organization Name (eg, company) [My Company Ltd]:EXAMPLE
Organizational Unit Name (eg, section) []:TECHNICAL
Common Name (eg, your name or your server's hostname) []:webserver.example.com (Here specify the FQDN of the host machine)
Email Address []:support@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press enter)
An optional company name []: (press enter)
# cp server.key server.key.old
# openssl rsa -in server.key.old -out server.key
Enter pass phrase for server.key.old:
writing RSA key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# yum install httpd* mod_ssl* -y
# cp -rvf server.crt /etc/pki/tls/certs
# cp -rvf server.key /etc/pki/tls/private
# ls -ldZ /etc/pki/tls/certs (If SELinux is Enabled, SELinux Content should be cert_t)
# ls -ldZ /etc/pki/tls/private (If SELinux is Enabled, SELinux Content should be cert_t)
Configure your apache as per your needs
Configuring SSL for apache
# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
e is 65537 (0x10001)
Enter pass phrase for server.key:
Verifying - Enter pass phrase for server.key:
# openssl req -new -key server.key -out server.csr
Enter pass phrase for server.key: (Here Enter the passphrase you entered in the first step)
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:ANDHRA PRADESH
Locality Name (eg, city) [Newbury]:HYDERABAD
Organization Name (eg, company) [My Company Ltd]:EXAMPLE
Organizational Unit Name (eg, section) []:TECHNICAL
Common Name (eg, your name or your server's hostname) []:webserver.example.com (Here specify the FQDN of the host machine)
Email Address []:support@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: (press enter)
An optional company name []: (press enter)
# cp server.key server.key.old
# openssl rsa -in server.key.old -out server.key
Enter pass phrase for server.key.old:
writing RSA key
# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
# yum install httpd* mod_ssl* -y
# cp -rvf server.crt /etc/pki/tls/certs
# cp -rvf server.key /etc/pki/tls/private
# ls -ldZ /etc/pki/tls/certs (If SELinux is Enabled, SELinux Content should be cert_t)
# ls -ldZ /etc/pki/tls/private (If SELinux is Enabled, SELinux Content should be cert_t)
Configure your apache as per your needs
Configuring SSL for apache
# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
Save and exit
# service httpd restart
# service httpd restart
Open firefox and test the website using HTTPS (Ex: https://www.webserver.example.