:: Setup SSL in Apache

:: What is SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability. :: wikepedia

:: Generate CSR
+ Create directory for ssl file

mkdir cd /etc/httpd/conf/ssl
cd /etc/httpd/conf/ssl

0 1	mkdir cd /etc/httpd/conf/ssl cd /etc/httpd/conf/ssl

+ Generate a encrypted private key file

openssl genrsa -des3 -out domainname.key 2048

0	openssl genrsa -des3 -out domainname.key 2048

You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server:

openssl genrsa -out domainname.key 2048

0	openssl genrsa -out domainname.key 2048

To view the contents of the private key, use the following command:

openssl rsa -noout -text -in domainname.key

0	openssl rsa -noout -text -in domainname.key

+ Create a CSR with the RSA private key

openssl req -new -key domainname.key -out domainname.csr

0	openssl req -new -key domainname.key -out domainname.csr

To view the contents of CSR

openssl req -noout -text -in domainname.csr

0	openssl req -noout -text -in domainname.csr

+ Submit the CSR on Certificate Authority Provider

+ Create a backup of your private key, if you lose this file, you must purchase a new certificate.

:: Installing SSL on Apache

+ Checking permission
Make sure your certificate file have permission 644 (-rw-r–r–)

cd /etc/httpd/conf/ssl
chmod 644 *

0 1	cd /etc/httpd/conf/ssl chmod 644 *

+ Checking ServerName
Make sure the ServerName is not set in the SSL virtualhost that it matches the default ServerName of the server in httpd.conf

vi /etc/httpd/conf/httpd.conf
## setup ServerName like this:
ServerName www.domainname.tld

vi /etc/httpd/conf/httpd.conf

## setup ServerName like this:

ServerName www.domainname.tld

+ Setup SSL on VirtualHost

cd /etc/httpd/sites
vi domainname.tld.conf

0 1	cd /etc/httpd/sites vi domainname.tld.conf

Setup VirtualHost like this:

&lt;VirtualHost YOUR_IP_ADDR:443&gt;
    ServerName domainname.tld
    ServerAlias www.domainname.tld
    DocumentRoot /var/www/vhosts/documentroot/
    ErrorLog logs/domainname.tld-error_log
    CustomLog logs/domainname.tld-access_log common
    
    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl/domainname.crt
    SSLCertificateKeyFile /etc/httpd/ssl/domainname.key
    SSLCACertificateFile /etc/httpd/ssl/cert/intermediate.crt
    
     &lt;Directory "/var/www/vhosts/documentroot"&gt;
            Options Indexes FollowSymLinks
            AllowOverride all
            Order allow,deny
            Allow from all
     &lt;/Directory&gt;    
&lt;/VirtualHost&gt;

ServerName domainname.tld

ServerAlias www.domainname.tld

DocumentRoot /var/www/vhosts/documentroot/

ErrorLog logs/domainname.tld-error_log

CustomLog logs/domainname.tld-access_log common

SSLEngine on

SSLCertificateFile /etc/httpd/conf/ssl/domainname.crt

SSLCertificateKeyFile /etc/httpd/ssl/domainname.key

SSLCACertificateFile /etc/httpd/ssl/cert/intermediate.crt

Options Indexes FollowSymLinks

AllowOverride all

Order allow,deny

Allow from all

</Directory>

</VirtualHost>

+ Restart httpd

apachectl configtest
apachectl stop
apachectl start

apachectl configtest

apachectl stop

apachectl start

/etc/init.d/httpd restart

0	/etc/init.d/httpd restart

:: Links
+ Google
+ RapidSSL
+ QuestionDefense

Leave a Reply

Archives

Categories

:: Setup SSL in Apache

Leave a Reply

Tags

Archives

Categories