Configuring Self Signed Certificate
Install the below packages
# yum install openssl* -y
# yum install mod_ssl* -y
Now open SSL configuration file and update the below entries:
# vim /etc/pki/tls/openssl.cnf
dir = /etc/pki/CA # Where everything is kept
certificate = $dir/kalyan.crt # The CA certificate
crl = $dir/kalyan.crl # The current CRL
private_key = $dir/private/kalyan.key # The private key
Now, under the [ req_distinguished_name ] section, modify the parameters below as follows:
countryName_default = IN
stateOrProvinceName_default = AP
localityName_default = Hyd
0.organizationName_default = Example
Now save and exit.
Now create the required directories as shown below:
# cd /etc/pki/CA
# mkdir -p {certs,crl,newcerts,private}
# touch index.txt
# echo "01" > serial
Stay in the /etc/pki/CA directory and run the commands below:
# (umask 077; openssl genrsa -out private/kalyan.key -des3 2048)
Enter pass phrase for private/kalyan.key:redhat
Verifying - Enter pass phrase for private/kalyan.key:redhat
# openssl req -new -x509 -key private/kalyan.key -days 365 > kalyan.crt
Enter pass phrase for private/kalyan.key:redhat
Country Name (2 letter code) [IN]:IN
State or Province Name (full name) [AP]:AP
Locality Name (eg, city) [Hyd]:Hyd
Organization Name (eg, company) [Example]:Example
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:sample.kalyan.com
Email Address []:ikalyanp@gmail.com
Now verify that the certificate and key files exist in the locations below:
# ls /etc/pki/CA/kalyan.crt
# ls /etc/pki/CA/private/kalyan.key
The self-signed SSL certificate has now been generated.
Configuring Secure Apache
Install the packages
# yum install httpd* -y
Restart the service:
# service httpd restart
Now host a sample site
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName sample.kalyan.com
ErrorLog logs/kalyan-error_log
CustomLog logs/kalyan-access_log common
</VirtualHost>
Save and exit the file
Create a sample html web page in /var/www/html directory
# vim /var/www/html/index.html
This is sample site
Save and exit
Now define the certificate and key files in the ssl.conf file
# vim /etc/httpd/conf.d/ssl.conf
line no 112
SSLCertificateFile /etc/pki/CA/kalyan.crt
line no 119
SSLCertificateKeyFile /etc/pki/CA/private/kalyan.key
save & exit
Now restart the apache service
# /etc/init.d/httpd restart
Here you will be prompted for the SSL key password. To avoid this, follow the procedure below:
Take a backup of the key file
# cp /etc/pki/CA/private/kalyan.key /etc/pki/CA/private/kalyan.key_bkp
# cd /etc/pki/CA/private/
Now remove the password from the key using the command below; otherwise you will be prompted for the SSL key password every time the httpd service restarts. The resulting kalyan.key is stored unencrypted, so keep it readable by root only.
# openssl rsa -in kalyan.key_bkp -out kalyan.key
Enter pass phrase for kalyan.key_bkp:redhat
Now restart the Apache service and observe that you are no longer prompted for the password.
# /etc/init.d/httpd restart
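As an added example (not part of the original post): once the passphrase is removed, file permissions are the only protection left on the key. This sketch reads the SSLCertificateKeyFile directives from a config file such as ssl.conf and reports whether each key is passphrase-protected and, if not, whether group or other can access it. The function names are made up for this example, and it assumes absolute key paths without spaces.

```shell
#!/bin/sh
# Added example (not from the original post): audit the private keys that
# ssl.conf points Apache at. All function names here are illustrative.

# Succeeds if the PEM key is passphrase-protected. Traditional RSA keys carry
# a "Proc-Type: 4,ENCRYPTED" header; PKCS#8 keys use a different BEGIN line.
key_is_encrypted() {
    grep -Eq '^(Proc-Type: 4,ENCRYPTED|-----BEGIN ENCRYPTED PRIVATE KEY-----)' "$1"
}

# Succeeds if neither group nor other has any permission bit on the file.
key_mode_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Prints one word for the key: missing, encrypted, plain-private or plain-exposed.
audit_key() {
    if [ ! -f "$1" ]; then echo missing
    elif key_is_encrypted "$1"; then echo encrypted
    elif key_mode_is_private "$1"; then echo plain-private
    else echo plain-exposed
    fi
}

# Audits every active SSLCertificateKeyFile directive in the given config file.
# Prints "<path> <status>" per key; returns 1 if any key is missing or exposed.
audit_ssl_conf() {
    audit_rc=0
    # Directive names are case-insensitive; commented-out lines do not match.
    for audit_path in $(awk 'tolower($1) == "sslcertificatekeyfile" { gsub(/"/, "", $2); print $2 }' "$1"); do
        audit_status=$(audit_key "$audit_path")
        echo "$audit_path $audit_status"
        case $audit_status in
            missing|plain-exposed) audit_rc=1 ;;
        esac
    done
    return $audit_rc
}

# When given a config file as an argument, audit it, e.g.
#   sh audit_keys.sh /etc/httpd/conf.d/ssl.conf
if [ $# -gt 0 ]; then audit_ssl_conf "$1"; fi
```

A plain-exposed result is corrected with chmod 600 on the key file; the passphrase-protected backup copy reports as encrypted.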
If you want to redirect HTTP requests to HTTPS, do the following:
# vim /etc/httpd/conf/httpd.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName kalyan.com
ErrorLog logs/kalyan-error_log
CustomLog logs/kalyan-access_log common
# Trailing slash keeps the request path intact (/page -> https://sample.kalyan.com/page)
Redirect / https://sample.kalyan.com/
</VirtualHost>
save and exit
Restart the service.
# service httpd restart
Now browse http://sample.kalyan.com & https://sample.kalyan.com
Happy Browsing ...... :)