Tuncay Sahin

ICT Engineer | Docent ICT & Trainer

This document describes the steps to enable an SSL certificate on the Apache web server to encrypt a site’s information and create a more secure connection. Additionally, the certificate can show the virtual private server’s identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server’s details, while a self-signed certificate has no third-party corroboration.

Install Mod SSL

First, make sure that Apache mod_ssl is installed:

Install SSL module

yum install mod_ssl

Load SSL module in Apache

LoadModule ssl_module modules/mod_ssl.so

Listen 443

 

Copy your SSL certificate to your server

First copy your Certificate files to your server, for example to the following locations:

Create a new directory where the server key and certificate will be stored:

mkdir /etc/httpd/ssl

Certificate /etc/httpd/ssl/exampledomain.com.crt
Certificate Key /etc/httpd/ssl/exampledomain.com.key
CA Certificate /etc/httpd/ssl/bundle.crt

Creating the self-signed SSL certificate

Run the command below:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

This command prompts for a list of fields that need to be filled in. The most important one is “Common Name”. Enter your official domain name here.

Remove default Apache virtual host

By default mod_ssl sets up a virtual host that we don’t need.

Edit /etc/httpd/conf.d/ssl.conf and remove the virtual host definition from

“<VirtualHost _default_:443>” to “</VirtualHost>”.

Enable SSL

Set up your virtual hosts to present the new certificate. Add the directives from the template below to your SSL configuration (for example /etc/httpd/conf.d/vhosts.conf) to enable SSL on your site:

Here’s a template for the virtual host definition:

<VirtualHost *:443>

DocumentRoot /var/www/vhosts/exampledomain.com/httpdocs

ServerName exampledomain.com

ServerAlias www.exampledomain.com

ErrorLog logs/exampledomain.com-ssl-error_log

CustomLog logs/exampledomain.com-ssl-access_log common

<Directory /var/www/vhosts/exampledomain.com/httpdocs>

AllowOverride All

</Directory>

 

SSLEngine on

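# SSLv2 and SSLv3 are broken protocols, so only TLS stays enabled
SSLProtocol all -SSLv2 -SSLv3

# Only HIGH-strength ciphers; anonymous, MD5 and RC4 suites are excluded
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4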

SSLCertificateFile /etc/pki/tls/certs/exampledomain.com.crt

SSLCertificateKeyFile /etc/pki/tls/private/exampledomain.com.key

SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt

 

<Location />

SSLRequireSSL

</Location>

 

</VirtualHost>

The SSLEngine On directive turns SSL on.
Restart Apache to reload your changes.

Troubleshooting

  • If you get a message like this on httpd restart “[warn] _default_ VirtualHost overlap on port 443, the first has precedence” then you’ve not removed the default virtual host created by mod_ssl.
  • You may need to adjust the iptables configuration to allow traffic to TCP port 443.
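
An added example, not part of the original article: a shell function that scans Apache SSL configuration files for a leftover mod_ssl _default_:443 virtual host (the cause of the overlap warning above) and for SSLProtocol or SSLCipherSuite lines that still allow SSLv2, SSLv3, RC4 or other weak cipher classes. The function name audit_ssl_conf, the list of weak cipher classes and the sample input are assumptions made for this example.

```shell
# audit_ssl_conf FILE...  (hypothetical helper written for this example)
# Prints "file:line: finding" per problem and returns 1 if any were found.
audit_ssl_conf() {
    awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad = 1 }
    /^[ \t]*#/ { next }                      # skip comment lines
    { sub(/^[ \t]+/, ""); d = tolower($1) }  # directive names ignore case
    d == "<virtualhost" && $2 ~ /^_default_:443>$/ {
        report("mod_ssl default virtual host still defined (port 443 overlap)")
    }
    d == "sslprotocol" {
        # Tokens apply left to right: +X adds, -X removes, a bare X replaces.
        # Assumption: "all" is taken to include SSLv2 and SSLv3 (worst case).
        split("", on)
        for (i = 2; i <= NF; i++) {
            t = tolower($i); sign = substr(t, 1, 1)
            if (sign == "+" || sign == "-") t = substr(t, 2)
            else { sign = ""; split("", on) }
            if (t == "all") t = "sslv2 sslv3 tlsv1"
            n = split(t, p, " ")
            for (j = 1; j <= n; j++)
                if (sign == "-") delete on[p[j]]; else on[p[j]] = 1
        }
        if ("sslv2" in on) report("SSLProtocol leaves SSLv2 enabled")
        if ("sslv3" in on) report("SSLProtocol leaves SSLv3 enabled")
    }
    d == "sslciphersuite" {
        spec = $NF; gsub(/"/, "", spec)      # cipher spec is the last field
        n = split(spec, tok, ":")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^[!-]/) continue   # exclusions are fine
            m = split(tok[i], part, "+")     # "RC4+RSA" = RC4 and RSA together
            for (j = 1; j <= m; j++)         # heuristic list of weak classes
                if (toupper(part[j]) ~ /^(RC4|MEDIUM|LOW|EXP|EXPORT|NULL|ANULL|ENULL|ADH)$/)
                    report("SSLCipherSuite token " tok[i] " allows " part[j])
        }
    }
    END { exit bad + 0 }
    ' "$@"
}
# Constructed sample configuration (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
<VirtualHost _default_:443>
</VirtualHost>
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXPORT
EOF
audit_ssl_conf "$sample" || echo "fix the findings above before restarting Apache"; rm -f "$sample"
```

On a server, pass it the files under /etc/httpd/conf.d/ before restarting Apache.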
