:: What is SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability. :: Wikipedia
:: Generate CSR
+ Create a directory for the SSL files
    mkdir -p /etc/httpd/conf/ssl
    cd /etc/httpd/conf/ssl
+ Generate an encrypted private key file
    openssl genrsa -des3 -out domainname.key 2048
You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server; the key is then protected only by its file permissions:
    openssl genrsa -out domainname.key 2048
To view the contents of the private key, use the following command:
    openssl rsa -noout -text -in domainname.key
+ Create a CSR with the RSA private key
    openssl req -new -key domainname.key -out domainname.csr
To view the contents of the CSR:
    openssl req -noout -text -in domainname.csr
+ Submit the CSR to your Certificate Authority provider
+ Create a backup of your private key. If you lose this file, you must purchase a new certificate.
:: Installing SSL on Apache
+ Checking permission
Make sure your certificate files have permission 644 (-rw-r--r--):
    cd /etc/httpd/conf/ssl
    chmod 644 *.crt
    ## keep the private key readable by its owner only
    chmod 600 *.key
+ Checking ServerName
Make sure the ServerName is either not set in the SSL VirtualHost or matches the default ServerName of the server in httpd.conf:
    vi /etc/httpd/conf/httpd.conf
    ## set ServerName like this:
    ServerName www.domainname.tld
+ Setup SSL on VirtualHost
    cd /etc/httpd/sites
    vi domainname.tld.conf
Set up the VirtualHost like this:
    <VirtualHost YOUR_IP_ADDR:443>
        ServerName domainname.tld
        ServerAlias www.domainname.tld
        DocumentRoot /var/www/vhosts/documentroot/
        ErrorLog logs/domainname.tld-error_log
        CustomLog logs/domainname.tld-access_log common
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl/domainname.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl/domainname.key
        SSLCACertificateFile /etc/httpd/ssl/cert/intermediate.crt
        <Directory "/var/www/vhosts/documentroot">
            Options Indexes FollowSymLinks
            AllowOverride all
            Order allow,deny
            Allow from all
        </Directory>
    </VirtualHost>
+ Restart httpd
    apachectl configtest
    apachectl stop
    apachectl start
or
    /etc/init.d/httpd restart
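Checks worth running on the files from the steps above before restarting, as an added example that is not part of the original page: they confirm that the CSR and the issued certificate carry the public key of domainname.key, and that the key is not readable by group or others. The function names are hypothetical; the file naming (NAME.key, NAME.csr, NAME.crt in one directory) follows the page's layout.

```shell
#!/bin/sh
# Added example (not from the original page): sanity checks to run before
# pointing Apache at the key, CSR and certificate created above.
# Function names are hypothetical; file names follow the page's layout.

# Print the SHA-256 digest of the public key inside a key, CSR or certificate.
pubkey_digest() {
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey) ;;
        *)    return 2 ;;
    esac || return 1
    # An empty result must never compare equal to another empty result.
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the file ($1 = csr|cert, $2 = path) holds the public key of $3.
matches_key() {
    a=$(pubkey_digest "$1" "$2") || return 1
    b=$(pubkey_digest key "$3") || return 1
    [ "$a" = "$b" ]
}

# Succeed only if group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Check NAME.key, NAME.csr and (if already issued) NAME.crt in DIR.
preinstall_check() {
    dir=$1 name=$2 rc=0
    matches_key csr "$dir/$name.csr" "$dir/$name.key" ||
        { echo "CSR was not generated from this key"; rc=1; }
    if [ -f "$dir/$name.crt" ]; then
        matches_key cert "$dir/$name.crt" "$dir/$name.key" ||
            { echo "certificate does not match this key"; rc=1; }
    fi
    key_is_private "$dir/$name.key" ||
        { echo "private key is readable by group or others"; rc=1; }
    return $rc
}

# Usage: preinstall_check /etc/httpd/conf/ssl domainname
```

With a pass-phrase-protected key, openssl prompts for the pass phrase each time the key is read.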
:: Links
+ Google
+ RapidSSL
+ QuestionDefense