Install SSL certificate on CentOS 7 to secure Apache
SSL is a web protocol used to send traffic between server and client in a secured manner. It provides secure and encrypted transactions between the browser and websites.
In the following tutorial, we will see how to secure the Apache web server on CentOS 7 through SSL. We are going to create our own certificate and learn how to configure it. If you want to host a public site with SSL support, then you need to purchase an SSL certificate from a trusted certificate authority.
First we need to install the httpd package.
[root@lampblogs ~]# yum install httpd
Once the Apache package is installed, install mod_ssl, which is an Apache module that provides support for SSL encryption.
[root@lampblogs ~]# yum install mod_ssl openssl
Installed:
  mod_ssl.x86_64 1:2.4.6-89.el7.centos.1
Updated:
  openssl.x86_64 1:1.0.2k-16.el7_6.1
Dependency Updated:
  openssl-libs.x86_64 1:1.0.2k-16.el7_6.1
Now generate the private key.
[root@lampblogs ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
..............................+++
.......................................................+++
e is 65537 (0x10001)
Generate a certificate signing request (CSR).
[root@lampblogs ~]# openssl req -new -key ca.key -out ca.csr
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :TN
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Lampblogs
Organizational Unit Name (eg, section) :
Common Name (eg, your name or your server's hostname) :lampblogs.com
Email Address :firstname.lastname@example.org
Finally, generate a self-signed certificate ca.crt
[root@lampblogs ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=IN/ST=TN/L=Hyderabad/O=Lampblogs/CN=lampbll\x08
Getting Private key
Now edit the Apache SSL config file.
[root@lampblogs ~]# vi /etc/httpd/conf.d/ssl.conf
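Add the lines below (sample output). The ca.crt and ca.key files, generated above in the current directory, must be present at the paths given here.
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/ca.crt
    SSLCertificateKeyFile /etc/pki/tls/private/ca.key
    ServerName lamp.com
    DocumentRoot /var/www/html
</VirtualHost>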
Add the service and the port number to the firewall
firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload
Verify the config file and start the httpd service.
[root@lampblogs ~]# httpd -t
Syntax OK
[root@lampblogs ~]# systemctl restart httpd
Now open a browser and check your website.
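The key, CSR and certificate steps above as one non-interactive script, added here as an example and not part of the original tutorial. It also copies the files to the paths that ssl.conf references, and refuses to install when the certificate's CN is not the expected hostname (the sample output above shows a CN of lampbll\x08) or when the key does not belong to the certificate. The function names and the root-prefix argument are assumptions made for this example.

```bash
#!/bin/bash
# Added example, not from the original tutorial. Function names and the
# "root prefix" argument are illustrative assumptions.
set -eu

# Create ca.key, ca.csr and ca.crt in directory $1 for hostname $2.
# -subj replaces the interactive prompts; umask 077 keeps the key private.
make_selfsigned() {
    local dir=$1 cn=$2
    ( umask 077
      openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null
      openssl req -new -key "$dir/ca.key" -out "$dir/ca.csr" \
          -subj "/C=IN/ST=TN/L=Hyderabad/O=Lampblogs/CN=$cn"
      openssl x509 -req -days 365 -in "$dir/ca.csr" \
          -signkey "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null )
}

# Common Name stored in certificate $1.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        awk -F'= ' '/commonName/ {print $2}'
}

# SHA-256 over the public key of certificate $1 / of private key $1.
cert_pubkey_hash() { openssl x509 -in "$1" -noout -pubkey | openssl sha256 | awk '{print $NF}'; }
key_pubkey_hash()  { openssl pkey -in "$1" -pubout | openssl sha256 | awk '{print $NF}'; }

# Install the pair from directory $1 to the ssl.conf paths under root
# prefix $2 ("" on the real server), only if the CN equals $3 and the
# certificate was issued for this private key.
install_pair() {
    local src=$1 root=$2 name=$3
    [ "$(cert_cn "$src/ca.crt")" = "$name" ] || { echo "CN mismatch" >&2; return 1; }
    [ "$(cert_pubkey_hash "$src/ca.crt")" = "$(key_pubkey_hash "$src/ca.key")" ] ||
        { echo "key does not match certificate" >&2; return 1; }
    mkdir -p "$root/etc/pki/tls/certs" "$root/etc/pki/tls/private"
    install -m 0644 "$src/ca.crt" "$root/etc/pki/tls/certs/ca.crt"
    install -m 0600 "$src/ca.key" "$root/etc/pki/tls/private/ca.key"
}

# As root on the server:
#   d=$(mktemp -d); make_selfsigned "$d" lampblogs.com
#   install_pair "$d" "" lampblogs.com
```

The installed key ends up readable by root only (mode 0600), while the certificate is world-readable (0644).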