HTTPS
Hyper Text Transfer Protocol Secured
Port No. 443
The mod_ssl module provides strong cryptography for the Apache Web server via the
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols.
How do I install and configure mod_ssl under CentOS / Fedora / Red Hat Enterprise Linux?
mod_ssl is the SSL/TLS module for the Apache HTTP server. You can use a self-signed
certificate or a third-party SSL certificate. This module provides SSL v2/v3 and TLS v1 support
for the Apache HTTP Server. It was contributed by Ralf S. Engelschall based on his mod_ssl
project and originally derived from work by Ben Laurie. This module relies on OpenSSL to
provide the cryptography engine.
Install mod_ssl
[root@ localhost ~]# yum install mod_ssl
First things first: let's create a private key and a self-signed certificate. RHEL6
provides a utility called genkey to create certificates and send them to a CA for
signing.
[root@ localhost ~]# openssl genrsa -des3 -out /etc/pki/CA/private/rcpl.key
[root@ localhost ~]# openssl rsa -in /etc/pki/CA/private/rcpl.key -out tmp.pem
Now we have to create a CSR (Certificate Signing Request) so that we can self-sign our
certificate. The CSR can be created with the following command.
[root@ localhost ~]# openssl req -new -key /etc/pki/CA/private/rcpl.key -out tmp.csr
We had to enter a few details related to our certificate's authenticity and
organization. Let's create the signed certificate from the generated CSR. In this case we
are signing the certificate ourselves; we are not sending the CSR to a CA.
[root@ localhost ~]# openssl x509 -req -days 100 -in tmp.csr -signkey /etc/pki/CA/private/rcpl.key -out /etc/pki/CA/rcpl.crt
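The key, CSR and certificate steps above can be checked end to end. The script below is an added example, not part of the original slides: it repeats the three steps without prompts in a scratch directory, then confirms that the certificate carries the public half of the key and that the key file is readable by its owner only. The passphrase, the subject name and the function names are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original slides). Constructed inputs: a scratch
# directory, a throwaway passphrase and the subject CN=www.example.test.
# On a real server, type the passphrase at the prompt instead of passing it.

# make_self_signed DIR NAME PASS CN -> key, CSR and self-signed certificate,
# the same three openssl steps as above, run without prompts.
make_self_signed() {
    ( umask 077   # the key file must be readable by its owner only
      openssl genrsa -des3 -passout "pass:$3" -out "$1/$2.key" 2048 &&
      openssl req -new -key "$1/$2.key" -passin "pass:$3" \
          -subj "/CN=$4" -out "$1/$2.csr" &&
      openssl x509 -req -days 100 -in "$1/$2.csr" -signkey "$1/$2.key" \
          -passin "pass:$3" -out "$1/$2.crt" ) >/dev/null 2>&1
}

# cert_matches_key CERT KEY PASS -> status 0 only when the certificate
# carries the public half of the private key Apache will load.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin "pass:$3" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# key_mode FILE -> permission string of the key file, e.g. -rw-------
key_mode() { ls -l "$1" | cut -c1-10; }

# Demo run on constructed inputs; skipped when the openssl CLI is absent.
if command -v openssl >/dev/null 2>&1; then
    work=$(mktemp -d)
    make_self_signed "$work" rcpl 'constructed-passphrase' www.example.test &&
    cert_matches_key "$work/rcpl.crt" "$work/rcpl.key" 'constructed-passphrase' &&
    echo "rcpl.crt matches rcpl.key, key mode $(key_mode "$work/rcpl.key")"
    rm -rf "$work"
fi
```

Because SSLCertificateKeyFile points at the passphrase-protected key, Apache asks for that passphrase each time it starts.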
Apache SSL configuration should be done in the following file. Add or replace the
necessary directives to specify the new key and certificate.
/etc/httpd/conf.d/ssl.conf
[root@ localhost ~]# vi /etc/httpd/conf.d/ssl.conf
Listen ServerIP:443
<VirtualHost ServerName:443>
SSLEngine On
SSLCertificateFile /etc/pki/CA/rcpl.crt
SSLCertificateKeyFile /etc/pki/CA/private/rcpl.key
SSLProtocol All -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5
DocumentRoot "/var/www/html"
ServerName ServerName:443
</VirtualHost>
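An added example, not part of the original slides: a small audit that reads the SSLProtocol and SSLCipherSuite lines of a configuration file and reports legacy settings, run here on the two directives shown above and on a constructed stricter variant. The function names, file names and the stricter values are assumptions; the stricter SSLProtocol line needs an httpd/OpenSSL build with TLSv1.2 support.

```shell
#!/bin/sh
# Added example (not from the original slides): flag legacy protocol and
# cipher settings in an Apache mod_ssl configuration file.

# audit_ssl_conf FILE -> prints one finding per line, exit status 1 if any.
# Assumption: "All" is treated as enabling every legacy protocol the build has.
audit_ssl_conf() {
    awk '
    tolower($1) == "sslprotocol" {
        split("sslv2 sslv3 tlsv1 tlsv1.1", legacy, " ")
        for (k in on) delete on[k]
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = "+"
            if (t ~ /^[+-]/) { sign = substr(t, 1, 1); t = substr(t, 2) }
            if (t == "all") { for (j in legacy) on[legacy[j]] = (sign == "+") }
            else on[t] = (sign == "+")
        }
        for (j = 1; j <= 4; j++) if (on[legacy[j]]) {
            print FILENAME ":" FNR ": SSLProtocol leaves " legacy[j] " enabled"; bad++
        }
    }
    tolower($1) == "sslciphersuite" {
        n = split($NF, c, ":")
        for (i = 1; i <= n; i++) {
            t = c[i]; p = ""
            if (t ~ /^[!+-]/) { p = substr(t, 1, 1); t = substr(t, 2) }
            if (toupper(t) !~ /^(MEDIUM|LOW|EXP|EXPORT|MD5|RC4|DES|3DES|ANULL|ENULL|NULL)$/) continue
            if (p == "")  { print FILENAME ":" FNR ": cipher class " t " is enabled"; bad++ }
            if (p == "+") { print FILENAME ":" FNR ": +" t " only reorders, it does not exclude " t; bad++ }
        }
    }
    END { exit (bad > 0) }' "$1"
}

# write_samples DIR -> the page settings and a constructed stricter variant
# (assumes an httpd/OpenSSL build with TLSv1.2 support).
write_samples() {
    printf '%s\n' 'SSLEngine On' 'SSLProtocol All -SSLv2' \
        'SSLCipherSuite HIGH:MEDIUM:!aNULL:+MD5' > "$1/page.conf"
    printf '%s\n' 'SSLEngine On' 'SSLProtocol -all +TLSv1.2' \
        'SSLCipherSuite HIGH:!aNULL:!MD5:!3DES' > "$1/strict.conf"
}

demo_dir=$(mktemp -d) && write_samples "$demo_dir"
audit_ssl_conf "$demo_dir/page.conf" || echo "page.conf: findings above"
audit_ssl_conf "$demo_dir/strict.conf" && echo "strict.conf: no findings"
rm -rf "$demo_dir"
```

In an OpenSSL cipher string a leading + moves the matching suites to the end of the list rather than removing them, which is why +MD5 is reported.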
Now edit /etc/httpd/conf/httpd.conf
[root@ localhost ~]# vi /etc/httpd/conf/httpd.conf
<Directory /var/www/html>
SSLRequireSSL
SSLOptions +StrictRequire
SSLRequire %{HTTP_HOST} eq "ServerName"
</Directory>
Save the file and restart the Apache server.
[root@ localhost ~]# service httpd restart
