Apache Configuration Using a Self-Signed Certificate (SSL)

SSL stands for Secure Sockets Layer.

Public and private keys: these establish a secure connection between the client and the web server using strong encryption.

Create a self-signed certificate for internal or testing purposes. For production or public access, use a certificate from a trusted certificate authority, for example GoDaddy, Verisign, Digicert and many more.

This configuration guide has been prepared for the following platform and services:

OS            : CentOS

Webserver     : Apache

Packages      : httpd, mod_ssl and openssl

Website       : demo.demo.com (intranet)

Hosting       : Virtual hosting (name based)

Steps to configure SSL on the Apache web server:

Step 1 : Install dependency software packages

Step 2 : Start Apache and enable it at boot

Step 3 : Disable SELinux policy

Step 4 : Run the command below to create a private key (256-bit encryption)

Step 5 : Generate a CSR (Certificate Signing Request), which holds information such as organization, domain, locality and country.

Step 6 : Generate the self-signed certificate

Step 7 : Copy the files to the locations below

Step 8 : Update the Apache SSL configuration file located in /etc/httpd/conf.d/ssl.conf

Step 9 : Configure a virtual host for demo.demo.com and set ports 80 and 443 as shown below (go to the bottom of the configuration file)

Step 10 : Open any internet browser and point the URL to https://ip or https://domainname.com

Let us see the steps in detail:

Step 1 : Install dependency software packages

#yum install mod_ssl openssl httpd httpd-devel

Step 2 : Start Apache and enable it at boot

#service httpd start

#chkconfig httpd on

Step 3 : Disable SELinux policy

#vi /etc/selinux/config

SELINUX=disabled

Save and Exit (reboot)

Step 4 : Run the command below to create a private key (256-bit encryption)

#openssl genrsa -out ca.key 2048

Step 5 : Generate a CSR (Certificate Signing Request), which holds information such as organization, domain, locality and country.

#openssl req -new -key ca.key -out ca.csr

Step 6 : Generate the self-signed certificate

#openssl x509 -req -days 500 -in ca.csr -signkey ca.key -out ca.crt

Step 7 : Copy the files to the locations below

#cp ca.crt /etc/pki/tls/certs/

#cp ca.key ca.csr /etc/pki/tls/private/

Step 8 : Update the Apache SSL configuration file located in /etc/httpd/conf.d/ssl.conf

#vi /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/ca.crt

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save and exit, then restart the Apache service

#service httpd restart

Step 9 : Configure a virtual host for demo.demo.com and set ports 80 and 443 as shown below (go to the bottom of the configuration file)

#vi /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
    <Directory /sites/demo.demo.com>
        AllowOverride All
    </Directory>
    DocumentRoot /sites/demo.demo.com
    ServerName demo.demo.com
</VirtualHost>

<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    <Directory /sites/demo.demo.com>
        AllowOverride All
    </Directory>
    DocumentRoot /sites/demo.demo.com
    ServerName demo.demo.com
</VirtualHost>

Save and exit, then restart the Apache service

9.1 Create the folder “demo.demo.com” named as DocumentRoot in httpd.conf

#mkdir -p /sites/demo.demo.com

9.2 Create index.html as shown below

#vi /sites/demo.demo.com/index.html

<html>
<head>
<title>Demo site</title>
</head>
<body>
<p>Welcome to https site using SSL</p>
</body>
</html>

Save & Exit!

9.3 Set the permissions as shown below.

#chown -R apache:apache /sites/demo.demo.com

#service httpd restart

Step 10 : Add a DNS record for demo.yourdomain.com that points to the web server IP, or modify the hosts file to map the IP to the domain name for testing purposes.

Open any internet browser and point the URL to https://ip or https://domainname.com
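
Steps 4 to 7 above, as an added example that is not part of the original guide: the same three openssl commands run without prompts, followed by checks to run on ca.crt and ca.key before Apache is pointed at them in Step 8. The subject fields (C=XX, O=Example Org) and the function names are placeholders chosen for this example.

```shell
#!/bin/bash
# Added example, not from the original guide. Subject fields are placeholders.

# Steps 4-6 without prompts: key, CSR and self-signed certificate in <dir>.
make_selfsigned() {      # usage: make_selfsigned <dir> <hostname>
    local dir="$1" host="$2"
    # umask 077 so the private key is never created group- or world-readable
    ( umask 077 && openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null ) || return 1
    openssl req -new -key "$dir/ca.key" -out "$dir/ca.csr" \
        -subj "/C=XX/O=Example Org/CN=$host" || return 1
    openssl x509 -req -days 500 -in "$dir/ca.csr" \
        -signkey "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
}

# True only if the certificate carries the public key of this private key.
# httpd will not start with a mismatched pair in ssl.conf.
cert_matches_key() {     # usage: cert_matches_key <crt> <key>
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# True if the certificate is still valid <days> days from now.
cert_valid_for_days() {  # usage: cert_valid_for_days <crt> <days>
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# True if only the owner can access the key file (mode 600 or 400).
key_is_private() {       # usage: key_is_private <key>
    case "$(ls -ld "$1" 2>/dev/null)" in
        -rw-------*|-r--------*) return 0 ;;
        *) return 1 ;;
    esac
}
```

After the copy in Step 7, the same functions can be pointed at /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key; if key_is_private fails there, chmod 600 on the key corrects it.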

Thanks for watching.

Copyright ©Solutions@Experts.com