:: Setup SSL in Apache

:: What is SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability. :: Wikipedia
 
:: Generate CSR
+ Create a directory for the SSL files

mkdir -p /etc/httpd/conf/ssl
cd /etc/httpd/conf/ssl

+ Generate an encrypted private key file

openssl genrsa -des3 -out domainname.key 2048

You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server:

openssl genrsa -out domainname.key 2048

To view the contents of the private key, use the following command:

openssl rsa -noout -text -in domainname.key

+ Create a CSR with the RSA private key

openssl req -new -key domainname.key -out domainname.csr

To view the contents of the CSR:

openssl req -noout -text -in domainname.csr

+ Submit the CSR to your Certificate Authority provider

+ Create a backup of your private key. If you lose this file, you must purchase a new certificate.
 
:: Installing SSL on Apache

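+ Checking permissions
Make sure your certificate files have permission 644 (-rw-r--r--). The private key sits in the same directory and should be readable by root only (600); Apache reads it as root at startup.

cd /etc/httpd/conf/ssl
chmod 644 *.crt
chmod 600 *.key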

+ Checking ServerName
If ServerName is not set in the SSL VirtualHost, it falls back to the default ServerName of the server in httpd.conf, so make sure that one matches your domain.

vi /etc/httpd/conf/httpd.conf
## setup ServerName like this:
ServerName www.domainname.tld

+ Setup SSL on VirtualHost

cd /etc/httpd/sites
vi domainname.tld.conf

Setup VirtualHost like this:

<VirtualHost YOUR_IP_ADDR:443>
    ServerName domainname.tld
    ServerAlias www.domainname.tld
    DocumentRoot /var/www/vhosts/documentroot/
    ErrorLog logs/domainname.tld-error_log
    CustomLog logs/domainname.tld-access_log common

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl/domainname.crt
    # The key lives in the directory where it was generated above
    SSLCertificateKeyFile /etc/httpd/conf/ssl/domainname.key
    SSLCACertificateFile /etc/httpd/ssl/cert/intermediate.crt

    <Directory "/var/www/vhosts/documentroot">
        Options Indexes FollowSymLinks
        AllowOverride all
        Order allow,deny
        Allow from all
    </Directory>
</VirtualHost>

+ Restart httpd

apachectl configtest
apachectl stop
apachectl start

or

/etc/init.d/httpd restart
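
A check to run before the restart above, as an added example that is not part of the original tutorial: it confirms that the private key, the CSR and the certificate carry the same public key and that the key is not accessible by group or others. It assumes an unencrypted key; the function names are hypothetical and the sample files are constructed in a temporary directory, with a self-signed certificate standing in for the one the CA returns.

```shell
#!/bin/sh
# Added example: checks to run before restarting httpd. File names follow the
# tutorial; the sample files are constructed throwaways in a temp directory.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
pubkey_hash() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *) return 2 ;;
    esac
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# True only when key, CSR and certificate all carry the same public key.
files_match() {  # $1 = key, $2 = csr, $3 = crt
    k=$(pubkey_hash key "$1") || return 1
    r=$(pubkey_hash csr "$2") || return 1
    c=$(pubkey_hash crt "$3") || return 1
    [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# True only when group and others have no access to the private key.
key_is_private() {  # $1 = key file
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Constructed sample: unencrypted key, CSR and a self-signed stand-in
# for the certificate a CA would return.
make_sample() {  # $1 = directory
    openssl genrsa -out "$1/domainname.key" 2048 2>/dev/null &&
    chmod 600 "$1/domainname.key" &&
    openssl req -new -key "$1/domainname.key" -subj "/CN=www.domainname.tld" \
        -out "$1/domainname.csr" 2>/dev/null &&
    openssl x509 -req -in "$1/domainname.csr" -signkey "$1/domainname.key" \
        -days 1 -out "$1/domainname.crt" 2>/dev/null
}

dir=$(mktemp -d) && make_sample "$dir" || exit 1
if files_match "$dir/domainname.key" "$dir/domainname.csr" "$dir/domainname.crt" \
   && key_is_private "$dir/domainname.key"; then
    echo "OK: files belong together and the key is private"
else
    echo "FAIL: do not restart httpd" >&2
fi
rm -rf "$dir"
```

Against the real files, point files_match and key_is_private at the paths used in the VirtualHost instead of the temporary directory.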

 

Hi, I’m Sysadmin.ID
