SSL

SSL CERTIFICATION SELF SIGNED
Table of Contents

    Introduction
    Requirements
    Set up the Apache HTTP server
    Update the package repository
    Disable SELinux
    Allow Apache through the firewall
    Create a test page
    Test the Apache HTTP server
    Set up a secure Apache HTTPS server with SSL
    Install SSL
    Generate a self-signed certificate
    Set up the certificates
    Test the secure Apache HTTPS server

Introduction

The Apache web server is one of the most popular and powerful web servers in the world. It is also one of the most secure web servers available. This tutorial will explain how to install and configure a basic and secure Apache web server in CentOS 7.
Requirements

    A server running CentOS v. 7
    A desktop machine running Linux
    A static IP Address for your server

Set up the Apache HTTP server

This section will walk you through the process of preparing your server for Apache, setting up Apache, and testing the installation.
Update the package repository

Before installing Apache, it is a good idea to update the installed packages from the package repository. The first command below does this, and the second installs Apache (the httpd package):

sudo yum update -y
sudo yum install httpd -y

Disable SELinux

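By default SELinux is enabled in CentOS 7. It is recommended that you disable it first. Note that disabling SELinux removes the mandatory access control confinement it applies to the httpd process.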

You can disable SELinux by editing the /etc/selinux/config file:

sudo vi /etc/selinux/config

Change the line from SELINUX=enforcing to SELINUX=disabled

SELINUX=disabled

Save and close the file, then restart your machine for the changes to take effect.
Allow Apache through the firewall

You will need to allow the default Apache ports 80 (HTTP) and 443 (HTTPS) using FirewallD.

You can do this by running the following commands:

sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp

Reload the firewall service for the changes to take effect.

sudo firewall-cmd --reload

Create a test page

In CentOS 7 the default Apache DocumentRoot path is /var/www/html/. However, there is no index.html file in this directory. You will need to create one.

sudo vi /var/www/html/index.html

Add the following content:

Apache index page

Start the Apache service so that it serves the new page:

sudo systemctl start httpd

You can configure the Apache service to start on boot by running the following command:

sudo systemctl enable httpd

Test the Apache HTTP server

To verify that the Apache web server is up and running, open your web browser and go to your server's IP address at the URL http://your.server.ip.address.

You should see a default page like the one in the image below.

Apache test page

Set up a secure Apache HTTPS server with SSL

This section will walk you through setting up a secure HTTPS connection using SSL on Apache.
Install SSL

In order to secure Apache, you need to install the mod_ssl module and OpenSSL first.

You can install them using the following command:

sudo yum install mod_ssl openssl

Generate a self-signed certificate

First, you need to generate a 2048-bit RSA private key, ca.key.

sudo openssl genrsa -out ca.key 2048

Then generate the certificate signing request ca.csr using the following command.

sudo openssl req -new -key ca.key -out ca.csr

You will be prompted for information about the certificate.

SSL certificate

Finally, generate a self-signed X.509 certificate, ca.crt, valid for 365 days.

sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

After creating the certificate, you need to copy all of the certificate files to the necessary directories.

You can do this by running the following commands:

sudo cp ca.crt /etc/pki/tls/certs/
sudo cp ca.key /etc/pki/tls/private/
sudo cp ca.csr /etc/pki/tls/private/

Set up the certificates

All the certificate files are ready. The next thing to do is to set up Apache to use the new certificate and key.

You can do this by editing the SSL config file:

sudo vi /etc/httpd/conf.d/ssl.conf

Find the section that begins with <VirtualHost _default_:443>. Uncomment the DocumentRoot and ServerName lines and replace example.com with your server's IP address.

DocumentRoot "/var/www/html"
ServerName 192.168.1.42:443

Next, find the SSLCertificateFile and SSLCertificateKeyFile lines and update them with the new location of the certificates.

SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

After making these changes, restart the Apache service for the changes to take effect.

sudo systemctl restart httpd
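
A pre-restart check for the certificate generation and ssl.conf steps above, as an added example that is not part of the original tutorial: it repeats the three openssl steps non-interactively and verifies that the files named in an ssl.conf exist, that the key belongs to the certificate, that the key is readable only by its owner, and that the certificate has not expired. The function names and the -subj value are assumptions made for this example.

```shell
#!/bin/sh
# Added example: function names and the -subj value are hypothetical.

# Run the tutorial's three openssl steps inside directory $1.
# -subj answers the CSR prompts; umask 077 keeps the key owner-only.
make_self_signed() (
    cd "$1" && umask 077 || exit 1
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -key ca.key -out ca.csr -subj "/O=Example/CN=192.168.1.42" &&
    openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt 2>/dev/null
)

# SHA-256 digest of the public key held in a certificate / private key.
cert_pub() {
    p=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) &&
        printf '%s\n' "$p" | openssl dgst -sha256
}
key_pub() {
    p=$(openssl pkey -in "$1" -pubout 2>/dev/null) &&
        printf '%s\n' "$p" | openssl dgst -sha256
}

# Value of the first uncommented directive $2 in config file $1.
directive() {
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Print one line per problem; return 0 only if ssl.conf ($1) is consistent.
check_ssl_conf() {
    crt=$(directive "$1" SSLCertificateFile)
    key=$(directive "$1" SSLCertificateKeyFile)
    [ -f "$crt" ] || { echo "certificate missing: $crt"; return 1; }
    [ -f "$key" ] || { echo "private key missing: $key"; return 1; }
    rc=0
    # httpd fails to start when the key does not belong to the certificate.
    a=$(cert_pub "$crt") || a=""
    [ -n "$a" ] && [ "$a" = "$(key_pub "$key")" ] ||
        { echo "key does not match certificate"; rc=1; }
    # Characters 5-10 of the ls mode string are the group and other bits.
    [ "$(ls -lL "$key" | cut -c5-10)" = "------" ] ||
        { echo "key readable beyond owner"; rc=1; }
    # -checkend 0 fails if the certificate has already expired.
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate expired"; rc=1; }
    return $rc
}
```

Run as root, check_ssl_conf /etc/httpd/conf.d/ssl.conf prints one line per problem found and returns non-zero if there is any, so it can gate the restart.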

Test the secure Apache HTTPS server

To verify that the secure Apache HTTPS web server is working, open your web browser and go to your server's IP address at the URL https://your.server.ip.address.

Because the certificate is self-signed rather than issued by a certificate authority your browser trusts, a certificate warning should appear in your browser, and you must manually accept the certificate.

Apache warning page

Once you add an exception to the browser's identity verification, you should see a test page for your newly-secure site.

Apache secure test page
