Assume you already have openssl and Apache installed on your server.
Create a self-signed ssl certificate:
Generate the key file # openssl genrsa -out server.key 2048 If you need a passphrase, use the "-des3" option. Generate the request # openssl req -new -key server.key -out server.csr This command will prompt terminal to display a lists of fields that need to be filled in. Generate self signed certificate and give an expire date # openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt
At this point you should have "server.csr", "server.key" and "server.crt" files.
Now we add the key and certificate into Apache:
Install ssl module for apache # yum -y install mod_ssl
Edit /etc/httpd/conf.d/ssl.conf file Uncomment and update the following lines:
DocumentRoot "/var/www/html" ServerName www.yourdomain.com:443
Update the file path:
SSLCertificateFile /etc/pki/tls/certs/server.crt SSLCertificateKeyFile /etc/pki/tls/certs/server.key
Make sure both files is only rw by the owner
# chmod 600 /etc/pki/tls/certs/server.crt # chmod 600 /etc/pki/tls/certs/server.key
Restart Apache:
# systemctl restart httpd.service
Now you should be able to access "https://yourdomain.com"
No comments:
Post a Comment