Tuesday, March 5, 2013

Setting Up SSL in Apache on RedHat Linux


Pre-Requisites
The openssl package must be installed on the web server.


Set up an SSL certificate.
The first step is to generate an RSA private key and a CSR (Certificate Signing Request) for the domain (www.example.com):
[root@web1 root]# mkdir /etc/httpd/conf/ssl.key
[root@web1 root]# mkdir /etc/httpd/conf/ssl.csr
[root@web1 root]# mkdir /etc/httpd/conf/ssl.crt
[root@web1 root]# cd /etc/httpd/conf/ssl.key
Generate the RSA private key without a pass phrase (I recommend this; otherwise, whenever Apache restarts, someone has to enter the pass phrase, which can leave the server offline until they do):
[root@web1 /etc/httpd/conf/ssl.key]# openssl genrsa -out example.key 2048
Generate the CSR using the RSA Private Key:
[root@web1 /etc/httpd/conf/ssl.key]# openssl req -new -key example.key -out example.csr
You will be asked to enter the following:
Common Name: DOMAIN NAME or SERVERNAME or PUBLIC IP
Organization: YOUR ORGANIZATION
Organization Unit: UNIT
City or Locality: LOCAL CITY
State or Province: STATE
Country: IN (IN FOR INDIA)
Email address: EMAIL ID
[root@web1 /etc/httpd/conf/ssl.key]# mv example.csr /etc/httpd/conf/ssl.csr/


Now you should have:
/etc/httpd/conf/ssl.key/example.key, /etc/httpd/conf/ssl.csr/example.csr


Now you need to submit your CSR to your provider, and they will mail you the certificate. They usually also send you a confirmation email before the certificate is sent out. Once you have the certificate, install it as described below.


Installing the Certificate for Apache


[root@web1 root]# cd /etc/httpd/conf/ssl.crt
Copy the certificate that they mailed you to /etc/httpd/conf/ssl.crt/example.crt
Open your /etc/httpd/conf.d/ssl.conf file and add the following directives:
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/example.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/example.key
JkMount /example*
Restart Apache:
[root@web1 /etc/httpd/conf/ssl.crt]# service httpd restart
You may be asked to enter the passphrase IF you generated the RSA key with a passphrase. If you do NOT want to be asked for a passphrase when restarting Apache, remove it from your RSA key file:
[root@web1 /etc/httpd/conf/ssl.crt]# cd ../ssl.key
[root@web1 /etc/httpd/conf/ssl.key]# mv example.key example.key.has-passphrase
[root@web1 /etc/httpd/conf/ssl.key]# openssl rsa -in example.key.has-passphrase -out example.key
And then restart Apache again:
[root@web1 /etc/httpd/conf/ssl.key]# service httpd restart


Now you should be able to access https://www.example.com
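A key stored without a pass phrase is protected only by its file permissions, and Apache will fail to start if the certificate from the provider does not belong to the key. The following is an added example, not part of the original post, that checks both before a restart; the function names are my own, and it assumes the openssl command-line tool plus the file layout used above.

```shell
#!/bin/sh
# Added example (not from the original post): checks on the key, CSR and
# certificate before "service httpd restart". Requires the openssl CLI.

# Print the SHA-256 of the public key inside a key, CSR or certificate.
# $1 = key|csr|crt, $2 = file. Fails if the file cannot be parsed.
pubkey_hash() {
    case "$1" in
        # "-passin pass:" makes a passphrase-protected key fail, not prompt.
        key) _pub=$(openssl pkey -in "$2" -pubout -passin pass: 2>/dev/null) ;;
        csr) _pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
        crt) _pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *) return 2 ;;
    esac
    [ -n "$_pub" ] || return 1
    printf '%s\n' "$_pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the file exists and group/other have no permissions on it.
key_is_private() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# $1 = private key, $2 = certificate, $3 = CSR (optional).
check_tls_files() {
    key_is_private "$1" || { echo "FAIL: $1 open to group/other; chmod 600"; return 1; }
    _k=$(pubkey_hash key "$1") || { echo "FAIL: $1 unreadable or has a passphrase"; return 1; }
    _c=$(pubkey_hash crt "$2") || { echo "FAIL: $2 is not a valid certificate"; return 1; }
    [ "$_k" = "$_c" ] || { echo "FAIL: certificate was not issued for this key"; return 1; }
    if [ -n "${3:-}" ]; then
        _r=$(pubkey_hash csr "$3") || { echo "FAIL: $3 is not a valid CSR"; return 1; }
        [ "$_k" = "$_r" ] || { echo "FAIL: CSR was not made from this key"; return 1; }
    fi
    echo "OK: key, certificate and CSR agree"
}

# Usage with this guide's paths (run as root on the web server):
# check_tls_files /etc/httpd/conf/ssl.key/example.key \
#                 /etc/httpd/conf/ssl.crt/example.crt \
#                 /etc/httpd/conf/ssl.csr/example.csr
```

If the permission check fails, run chmod 600 on example.key and make sure the file is owned by root.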


In case you have any queries, please contact us on globalinfodictionary@gmail.com
