SSL
SSL CERTFICATION SELF SIGNED
Table of Contents
Introduction
Requirements
Set up the Apache HTTP server
Update the package repository
Disable SELinux
Allow Apache through the firewall
Create a test page
Test the Apache HTTP server
Set up a secure Apache HTTPS server with SSL
Table of Contents
Introduction
Requirements
Set up the Apache HTTP server
Update the package repository
Disable SELinux
Allow Apache through the firewall
Create a test page
Test the Apache HTTP server
Set up a secure Apache HTTPS server with SSL
Install SSL
Generate a self-signed certificate
Set up the certificates
Test the secure Apache HTTPS server
Generate a self-signed certificate
Set up the certificates
Test the secure Apache HTTPS server
Introduction
The Apache web server is one of the most popular and powerful web servers in the world. It is also one of the most secure web servers available. This tutorial will explain how to install and configure a basic and secure Apache web server in CentOS 7.
Requirements
A server running CentOS v. 7
A desktop machine running Linux
A static IP Address for your server
Set up the Apache HTTP server
This section will walk you through the process of preparing your server for Apache, setting up Apache, and testing the installation.
Update the package repository
Before installing Apache, it is a good idea to update the package repository. You can do this by running the following commands:
sudo yum update -y
sudo yum install httpd -y
Disable SELinuxsudo yum install httpd -y
By default SELinux is enabled in CentOS 7. It is recommended that you disable it first.
You can disable SELinux by editing the /etc/selinux/config file:
sudo vi /etc/selinux/config
Change the line from SELINUX=enforcing to SELINUX=disabled
SELINUX=disabled
Save and close the file, then restart your machine for the changes to take effect.SELINUX=disabled
Allow Apache through the firewall
You will need to allow the default Apache port 80 (HTTP) and 443 (HTTPS) using FirewallD.
You can do this by running the following commands:
sudo firewall-cmd --permanent --add-port=80/tcp
sudo firewall-cmd --permanent --add-port=443/tcp
Reload the firewall service for the changes to take effect.sudo firewall-cmd --permanent --add-port=443/tcp
sudo firewall-cmd --reload
Create a test page
In CentOS7 the default Apache DocumentRoot path is /var/www/html/. However, there is no index.html file in this directory. You will need to create one.
sudo vi /var/www/html/index.html
Add the following content:Apache index page
Restart the Apache service to reflect the changes:<br />
sudo systemctl start httpd
You can configure the Apache service to start on boot by running the following command:
sudo systemctl enable httpd
Test the Apache HTTP serverTo verify that the Apache web server is up and running, open your web browser and go to your server's IP Address with the url http://your.server.ip.address.
You should see a default page like the one in the image below.
Apache test page
Set up a secure Apache HTTPS server with SSL
This section will walk you through setting up a secure HTTPS connection using SSL on Apache.
Install SSL
In order to secure Apache, you need to install SSL first.
You can install SSL using the following command:
sudo yum install mod_ssl openssl
Generate a self-signed certificateFirst, you need to generate a private key ca.key with 2048-bit encryption.
sudo openssl genrsa -out ca.key 2048
Then generate the certificate signing request cs.csr using the following command.
sudo openssl req -new -key ca.key -out ca.csr
You will be prompted for information about the certificate.SSL certificate
Finally, generate a self-signed certificate ca.crt of X509 type valid for 365 keys.
sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
After creating the certificate, you need to copy all of the certificate files to the necessary directories.You can do this by running the following commands:
sudo cp ca.crt /etc/pki/tls/certs/
sudo cp ca.key /etc/pki/tls/private/
sudo cp ca.csr /etc/pki/tls/private/
Set up the certificatessudo cp ca.key /etc/pki/tls/private/
sudo cp ca.csr /etc/pki/tls/private/
All the certificates are ready. The next thing to do is to set up Apache to display the new certificates.
You can do this by editing the SSL config file:
sudo vi /etc/httpd/conf.d/ssl.conf
Find the section that begins with <VirtualHost _default_:443>. Uncomment the DocumentRoot and ServerName line and replace example.com with your server's IP address.DocumentRoot "/var/www/html"
ServerName 192.168.1.42:443
Next, find the SSLCertificateFile and SSLCertificateKeyFile lines and update them with the new location of the certificates.
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
After making these changes, restart Apache service for the changes to take effect.SSLCertificateKeyFile /etc/pki/tls/private/ca.key
sudo systemctl restart httpd
Test the secure Apache HTTPS server
To verify that the secure Apache HTTPS web server is working, open your web browser and go to your server's IP Address with the url https://your.server.ip.address.
An error should appear on your browser and you must manually accept the certificate.
Apache warning page
Once you add an exception to the browser's identity verification, you should see a test page for your newly-secure site.
Apache secure test page
Comments
Post a Comment