Secure Apache WebServer using SSL Certificates in Linux
In Linux,Apache is the most widely used WebServer , will make it secure by implementing SSL Certificates. I am assuming httpd package(i.e apache software) is already installed on the linux box.
Step 1: Install the necessary packages
[root@localhost /]# yum install mod_ssl openssl
Step 2: Generate the self signed certificate.
Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you are probably likely to want a key from Trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root so you can either su to root or use sudo in front of the commands.
# Generate private key using below command
[root@localhost /]# openssl genrsa -out server.key 1024
# Now create certificate Signing Request(CSR) With Server RSA Private Key using below command
[root@localhost /# openssl req -new -key server.key -out server.csr
# Now choose the CA to Sign Your Server’s Certificate , using below command
[root@localhost /#openssl x509 -req -days 365 -in server.csr -signkey server.key -outserver.crt
Now we have successfully created and signed a certificate and Copy the files to the correct locations
[root@localhost~]#cp server.crt etc/pki/tls/certs
[root@localhost~]#cp server.key etc/pki/tls/private
[root@localhost~]#cp server.csr /etc/pki/tls/private
Step 3: edit the ssl.conf file
[root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf
Change the paths to match where the Key file is stored. If you’ve used the method above it will be
Save & quit the file and restart the apache serivce
[root@localhost ~]# /etc/init.d/httpd restart
Step 4: modify the httpd.conf file
[root@localhost ~]# vi /etc/httpd/conf/httpd.conf
Save & quit and Put the html files in /var/www/html and restart httpd service using below command :
[root@localhost html]# /etc/init.d/httpd restart
Step 4 : If your web server is running behind the firewall , then open 443 port. Once all the steps are done , we can access the our website “https://www.prewebhost.com” using webroswer.