Solved

How to install SSL on httpd CentOS

Posted on 2011-10-10
Last Modified: 2012-05-12
Hello,

I have a virtual directory at /var/www/virtual/www.domain.com, and I want to install a 3rd-party SSL certification (which I purchased from one of the SSL providers).

I generated a CSR, sent it to the SSL provider, and got 3 files: domain.crt, externalCARoot.crt and CompanySecureServerCA.crt.

My vhost configuration file is located at /etc/httpd/conf.d with the name vhost.www.domain.com.conf.

Please help me: how should I configure the SSL certification for this vhost so that visitors don't receive an invalid certification error when visiting my website?

Thanks
Question by:re-searcher
Assisted Solution

by:Christopher Raymond Mendoza
Christopher Raymond Mendoza earned 200 total points
ID: 36946575
Hello re-searcher,

This is what our file usually contains:

    NameVirtualHost xxx.xxx.xxx.xxx:443
    <VirtualHost xxx.xxx.xxx.xxx:443>
        CustomLog logs/domain.com:443_access_log common
        DocumentRoot /var/www/domain.com/
        ErrorLog logs/domain.com:443_error_log
        ServerAdmin webmaster@domain.com
        ServerName domain.com
        SSLEngine on
        SSLCertificateChainFile /etc/pki/tls/certs/RootCA.crt
        SSLCertificateFile /etc/pki/tls/certs/domain.com.crt
        SSLCertificateKeyFile /etc/pki/tls/private/domain.com.key
    </VirtualHost>

A sample configuration similar to the above is usually given by SSL providers.
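
The checks worth running on CA-issued files before pointing `SSLCertificateFile`, `SSLCertificateKeyFile` and `SSLCertificateChainFile` at them, as an added example that is not part of the original answers. The function names and the demo file names (`root`, `inter`, `leaf`) are hypothetical, the mapping of the question's files to root and intermediate is an assumption, and the `openssl` CLI with the `pkey` subcommand is required.

```shell
#!/bin/sh
# Added example: pre-flight checks before pointing Apache at CA-issued files.
# Assumed roles for the question's files: root = externalCARoot.crt,
# intermediate = CompanySecureServerCA.crt, leaf = domain.crt.

# Succeeds only if the private key ($1) belongs to the certificate ($2).
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# Succeeds only if leaf ($3) chains through the intermediates ($2) to root ($1).
# $2 is the file that would be given to SSLCertificateChainFile.
chain_verifies() {
  openssl verify -CAfile "$1" -untrusted "$2" "$3" 2>/dev/null | grep -q ': OK$'
}

# --- constructed sample input: a throwaway three-level PKI ---
issue() {  # issue NAME SUBJECT SIGNING_OPTIONS... -> NAME.key, NAME.crt
  name=$1; subj=$2; shift 2
  openssl req -new -newkey rsa:2048 -nodes -keyout "$name.key" \
    -out "$name.csr" -subj "$subj" &&
  openssl x509 -req -in "$name.csr" -days 2 -out "$name.crt" "$@"
}

make_demo_pki() {  # $1 = scratch directory
  ( cd "$1" && printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext &&
    issue root "/CN=Demo Root" -signkey root.key -extfile ca.ext &&
    issue inter "/CN=Demo Intermediate" -CA root.crt -CAkey root.key \
      -CAcreateserial -extfile ca.ext &&
    issue leaf "/CN=www.domain.com" -CA inter.crt -CAkey inter.key \
      -CAcreateserial
  ) >/dev/null 2>&1
}

demo() {
  d=$(mktemp -d) && make_demo_pki "$d" || return 1
  key_matches_cert "$d/leaf.key" "$d/leaf.crt" && echo "key matches cert"
  chain_verifies "$d/root.crt" "$d/inter.crt" "$d/leaf.crt" && echo "chain OK"
  # Leaving the intermediate out reproduces the visitor-facing trust error.
  chain_verifies "$d/root.crt" "$d/leaf.crt" "$d/leaf.crt" ||
    echo "chain without intermediate: FAIL"
  rm -rf "$d"
}
```

Call `demo` to exercise the checks on the throwaway PKI; on a real server, pass the key, certificate and chain file paths used in the vhost instead.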
Accepted Solution

by:
vinsvin earned 1200 total points
ID: 36946807
Getting the required software

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

Use yum to get them if you need them.

    yum install mod_ssl openssl

Yum will either tell you they are installed or will install them for you.

Generate a self-signed certificate

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will need a key from a Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root, so you can either su to root or use sudo in front of the commands:

    # Generate private key (2048-bit; 1024-bit RSA is no longer considered secure)
    openssl genrsa -out ca.key 2048

    # Generate CSR
    openssl req -new -key ca.key -out ca.csr

    # Generate self-signed certificate
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

    # Move the files to the correct locations
    mv ca.crt /etc/pki/tls/certs
    mv ca.key /etc/pki/tls/private/ca.key
    mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file:

    vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Change the paths to match where the Key file is stored. If you've used the method above it will be:

    SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

    SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Quit and save the file and then restart Apache:

    /etc/init.d/httpd restart

All being well you should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate. Firefox 3 won't let you connect at all but you can override this.

Setting up the virtual hosts

Just as you set virtual hosts for http on port 80, so you do for https on port 443. A typical virtual host for a site on port 80 looks like this:

    <VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
            AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
    </VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file:

    NameVirtualHost *:443

and then a VirtualHost record something like this:

    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
            AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
    </VirtualHost>

Restart Apache again using:

    /etc/init.d/httpd restart

You should now have a site working over https. If you can't connect you probably need to open the port on your firewall:

    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    /sbin/service iptables save
    iptables -L -v
Assisted Solution

by:mohansahu
mohansahu earned 600 total points
ID: 36947603
Hi,

Here is the step-by-step process for enabling SSL on httpd.

CentOS has a different configuration for SSL, and all certificate generation configuration files have been moved to the /etc/pki/tls dir.

Here are the steps to make CentOS apache+ssl (self-signed certificate):

1. Go to /etc/pki/tls/certs
2. make mycert.pem
3. Enter the information about country, state, city, host name etc.; your certificate and key have been created.
4. Now go to /etc/httpd/conf.d/ssl.conf and change:

        SSLCertificateFile /etc/pki/tls/certs/mycert.pem
        SSLCertificateKeyFile /etc/pki/tls/certs/mycert.pem

5. Save changes.
6. At the shell prompt: service httpd start

That's it!!!
For more detail, please have a look at the link below.

http://linuxconfig.org/apache-web-server-ssl-authentication

MS

Question has a verified solution.
