blackonsole
Sysadmin.ID

:: Setup SSL in Apache

1 min read

:: What is SSL
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the Internet. TLS and SSL encrypt the segments of network connections above the Transport Layer, using asymmetric cryptography for privacy and a keyed message authentication code for message reliability. :: wikepedia
 
:: Generate CSR
+ Create directory for ssl file

mkdir cd /etc/httpd/conf/ssl
cd /etc/httpd/conf/ssl

+ Generate a encrypted private key file

openssl genrsa -des3 -out domainname.key 2048

You could also create a private key without file encryption if you do not want to enter the pass phrase when starting your web server:

openssl genrsa -out domainname.key 2048

To view the contents of the private key, use the following command:

openssl rsa -noout -text -in domainname.key

+ Create a CSR with the RSA private key

openssl req -new -key domainname.key -out domainname.csr

To view the contents of CSR

openssl req -noout -text -in domainname.csr

+ Submit the CSR on Certificate Authority Provider

+ Create a backup of your private key, if you lose this file, you must purchase a new certificate.
 
:: Installing SSL on Apache

+ Checking permission
Make sure your certificate file have permission 644 (-rw-r–r–)

cd /etc/httpd/conf/ssl
chmod 644 *

+ Checking ServerName
Make sure the ServerName is not set in the SSL virtualhost that it matches the default ServerName of the server in httpd.conf

vi /etc/httpd/conf/httpd.conf
## setup ServerName like this:
ServerName www.domainname.tld

+ Setup SSL on VirtualHost

cd /etc/httpd/sites
vi domainname.tld.conf

Setup VirtualHost like this:

<VirtualHost YOUR_IP_ADDR:443>
    ServerName domainname.tld
    ServerAlias www.domainname.tld
    DocumentRoot /var/www/vhosts/documentroot/
    ErrorLog logs/domainname.tld-error_log
    CustomLog logs/domainname.tld-access_log common

    SSLEngine on
    SSLCertificateFile /etc/httpd/conf/ssl/domainname.crt
    SSLCertificateKeyFile /etc/httpd/ssl/domainname.key
    SSLCACertificateFile /etc/httpd/ssl/cert/intermediate.crt

     <Directory "/var/www/vhosts/documentroot">
            Options Indexes FollowSymLinks
            AllowOverride all
            Order allow,deny
            Allow from all
     </Directory>
</VirtualHost>

+ Restart httpd

apachectl configtest
apachectl stop
apachectl start

or

/etc/init.d/httpd restart

 
:: Links
+ Google
+ RapidSSL
+ QuestionDefense

Sysadmin.ID
«
»

How to fix problem with…

Facing a Git error with the 'vi' editor? Discover how to easily fix it by checking your Vim path and configuring Git to use...
Sysadmin.ID
Jun 20, 2014 10 sec read

Apache :: MP4 Streaming

Learn how to enable MP4 streaming in Apache with the installation of the mod_h264 streaming module, making your video content accessible and efficient. Follow...
Sysadmin.ID
Mar 2, 2013 18 sec read

Apache :: Flash / FLV…

Learn how to effortlessly configure Apache for FLV streaming by installing the mod_flvx module and updating your httpd.conf file. Discover the simple steps to...
Sysadmin.ID
Mar 2, 2013 15 sec read

Leave a Reply

Your email address will not be published. Required fields are marked *