Configure an SSL secured Website in CentOS


 

  1. Getting the required software

 

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL. Use yum to get them if you need them. Your Hostway may already have these enabled.

 

'yum install mod_ssl openssl'

 

Yum will either tell you they are installed or will install them for you.

 

  2. Generate a self-signed certificate

 

Using OpenSSL we will generate a self-signed certificate. You can use a certificate from a Certificate Authority instead; however, it is not required.

 

# Generate private key

openssl genrsa -out yoursite.key 2048

 

# Generate CSR

openssl req -new -key yoursite.key -out yoursite.csr

 

# Generate self-signed certificate

openssl x509 -req -days 365 -in yoursite.csr -signkey yoursite.key -out yoursite.crt

 

# Copy the files to the correct locations

cp yoursite.crt /etc/pki/tls/certs

cp yoursite.key /etc/pki/tls/private/yoursite.key

cp yoursite.csr /etc/pki/tls/private/yoursite.csr

 

Then we need to update the Apache SSL configuration file:

vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Change the path to match where the certificate file is stored. If you've used the method above it will be:

 

 

SSLCertificateFile /etc/pki/tls/certs/yoursite.crt

 

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

 

 

SSLCertificateKeyFile /etc/pki/tls/private/yoursite.key

 

Save the file and quit, then restart Apache:

 

 

/etc/init.d/httpd restart OR service httpd restart

 

All being well, you should now be able to connect over https to your server and see a default CentOS page. As the certificate is self-signed, browsers will generally ask you whether you want to accept the certificate.
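A quick check of the files produced in this step confirms that the certificate and key belong together, that the key is readable only by its owner, and that the certificate is not close to expiry. The script below is an added example, not part of the original article; the function names check_tls_pair and make_demo_pair, the 30-day default and the -subj value are assumptions, and the demo pair is a throwaway generated in a temporary directory.

```shell
#!/bin/bash
# check_tls_pair CERT KEY [MIN_DAYS]: returns 0 only if every check passes.
check_tls_pair() {
    local cert="$1" key="$2" min_days="${3:-30}" rc=0 cert_pub key_pub
    # 1. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match $key"; rc=1
    fi
    # 2. Depending on umask and how the key was created, the copy can end up
    #    readable by other users; only the owner should have any access.
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (chmod 600 it)"; rc=1
    fi
    # 3. -checkend N exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$cert" -noout -checkend "$((min_days * 86400))" \
            >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days"; rc=1
    fi
    return "$rc"
}

# Constructed demo input: a throwaway pair made with the article's commands
# (-subj is added here only to skip the interactive CSR prompts).
make_demo_pair() {
    openssl genrsa -out "$1/yoursite.key" 2048 2>/dev/null
    openssl req -new -key "$1/yoursite.key" -subj "/CN=yoursite.com" \
        -out "$1/yoursite.csr" 2>/dev/null
    openssl x509 -req -days 365 -in "$1/yoursite.csr" \
        -signkey "$1/yoursite.key" -out "$1/yoursite.crt" 2>/dev/null
    chmod 600 "$1/yoursite.key"
}

if command -v openssl >/dev/null 2>&1; then
    demo=$(mktemp -d)
    make_demo_pair "$demo"
    check_tls_pair "$demo/yoursite.crt" "$demo/yoursite.key" && echo "OK"
    rm -rf "$demo"
fi
```

On the server, call it as check_tls_pair /etc/pki/tls/certs/yoursite.crt /etc/pki/tls/private/yoursite.key.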

 

  3. Setting up the virtual hosts

 

Just as you set VirtualHosts for http on port 80, so you do for https on port 443. A typical VirtualHost for a site on port 80 looks like this:

 

 

<VirtualHost *:80>

        <Directory /var/www/vhosts/yoursite.com/httpdocs>

        AllowOverride All

        </Directory>

        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs

        ServerName yoursite.com

</VirtualHost>

To add a sister site on port 443 you need to add the following at the top of your file:

 

NameVirtualHost *:443

and then a VirtualHost record something like this:

 

<VirtualHost *:443>

        SSLEngine on

        SSLCertificateFile /etc/pki/tls/certs/yoursite.crt

        SSLCertificateKeyFile /etc/pki/tls/private/yoursite.key

        <Directory /var/www/vhosts/yoursite.com/httpsdocs>

        AllowOverride All

        </Directory>

        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs

        ServerName yoursite.com

</VirtualHost>

 

Restart Apache again using

 

/etc/init.d/httpd restart

 

  4. Configuring the firewall

 

You should now have a site working over https using a self-signed certificate. If you can't connect you may need to open the port on your firewall. To do this amend your iptables rules:

 

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

/sbin/service iptables save

iptables -L -v
