Configuring an HTTPS secure connection on Apache HTTP Server using a self-signed SSL certificate.
Install prerequisites first:
Install the mod_ssl Apache module using the following command if it is not already installed on the server:

[root@linuxcnf ~]# yum install mod_ssl

Generate a self-signed certificate if one does not already exist on the server:
First, generate a 2048-bit RSA private key, ca.key.

[root@linuxcnf ~]# openssl genrsa -out ca.key 2048

Then generate the certificate signing request ca.csr using the command below.

[root@linuxcnf ~]# openssl req -new -key ca.key -out ca.csr

You will be prompted for information about the certificate.

[root@linuxcnf ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
..................+++
................................................+++
e is 65537 (0x10001)
[root@linuxcnf ~]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TL
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Linuxcnf
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.linuxcnf.com
Email Address []:admin@linuxcnf.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:admin
An optional company name []:
[root@linuxcnf ~]#

Finally, generate the self-signed certificate ca.crt, valid for 365 days.

[root@linuxcnf ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

After creating the certificate, copy all of the certificate files to the default directories.

[root@linuxcnf ~]# cp -p ca.crt /etc/pki/tls/certs/
[root@linuxcnf ~]# cp -p ca.key /etc/pki/tls/private/
[root@linuxcnf ~]# cp -p ca.csr /etc/pki/tls/private/

Set up the certificates
To make Apache serve the generated certificate, edit the SSL config file:

[root@linuxcnf ~]# vi /etc/httpd/conf.d/ssl.conf

Find the section that begins with <VirtualHost _default_:443>. Uncomment the DocumentRoot and ServerName lines and replace the server name with your server's IP address.

DocumentRoot "/var/www/html"
ServerName 192.168.1.10:443

Next, find the SSLCertificateFile and SSLCertificateKeyFile lines and update them with the new location of the certificates.

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

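A check worth running on the key and certificate before Apache loads them, as an added example that is not part of the original post: it confirms that the certificate carries the public key of the private key, that the certificate is not about to expire, and that the key file is readable by its owner only. The function names, the throwaway CN www.example.test and the 30-day default are assumptions, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example: sanity checks for a key/certificate pair before Apache loads it.
# Usage on the page's paths (as root):
#   check_pair /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key

# PEM public key embedded in a certificate / derived from a private key.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# check_pair CERT KEY [MIN_DAYS]: prints one line per finding, returns 0 only if clean.
check_pair() {
    cert=$1; key=$2; min_days=${3:-30}; rc=0
    cpub=$(cert_pub "$cert"); kpub=$(key_pub "$key")
    # An unreadable file yields an empty string, which must count as a failure.
    if [ -z "$cpub" ] || [ "$cpub" != "$kpub" ]; then
        echo "MISMATCH: $cert does not carry the public key of $key"; rc=1
    fi
    # -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "EXPIRING: $cert expires within $min_days days"; rc=1
    fi
    # The private key should be accessible to its owner only (GNU stat assumed).
    mode=$(stat -c %a "$key")
    case "$mode" in
        400|600) ;;
        *) echo "PERMS: $key has mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    return $rc
}

# Constructed sample: a throwaway pair built with the page's commands (-subj skips the prompts).
make_sample() {
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null
    chmod 600 "$1/ca.key"
    openssl req -new -key "$1/ca.key" -subj "/CN=www.example.test" -out "$1/ca.csr"
    openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# Demo run against the constructed sample in a temporary directory.
tmp=$(mktemp -d)
make_sample "$tmp"
check_pair "$tmp/ca.crt" "$tmp/ca.key" && echo "OK: key and certificate are consistent"
rm -rf "$tmp"
```
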
After making these changes, restart the Apache service for the changes to take effect.

[root@linuxcnf ~]# service httpd reload

Self-Signed configuration is done!!!!