How To Install and Configure OpenSSL Certificate for Apache on REDHAT 8.5

To Install and Configure OpenSSL Certificate for Apache on REDHAT 8.5

Introduction:

The SSL/TLS security protocol protects data confidentiality and integrity during transit. By encrypting data between the web browser and web server, it ensures confidentiality. Furthermore, the webserver and browser exchange keys to decrypt the data, ensuring its integrity.

Installation Procedure:

Step 1: Check the installed version of OS by using the below command

[root@linuxhelp ~]# cat /etc/os-release 
NAME="Red Hat Enterprise Linux"
VERSION_ID="8.5"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Red Hat Enterprise Linux 8.5 (Ootpa)"

Step 2: Install the Apache Web Server by using the below command

[root@linuxhelp ~]# yum install httpd
Updating Subscription Management repositories.
Unable to read consumer identity
================================================================================
 Package             Arch    Version                                   Repo Size
================================================================================
Installing:
 apr-util-bdb        x86_64  1.6.1-6.el8                               1    25 k
 apr-util-openssl    x86_64  1.6.1-6.el8                               1    27 k

Transaction Summary
================================================================================
Install  17 Packages

Total download size: 5.9 M
Installed size: 19 M
Is this ok [y/N]: y
Downloading Packages:
(1/17): apr-1.6.3-12.el8.x86_64.rpm             6.4 MB/s | 130 kB     00:00    
(16/17): openldap-devel-2.4.46-18.el8.x86_64.rp  61 MB/s | 812 kB     00:00    
(17/17): redhat-logos-httpd-84.5-1.el8.noarch.r  10 MB/s |  29 kB     00:00    
--------------------------------------------------------------------------------
 
  redhat-logos-httpd-84.5-1.el8.noarch                                          

Complete!

Step 3: Enable the Services of Apache server by using the below command

[root@linuxhelp ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.

Step 4: Start the Services of Apache server by using the below command

[root@linuxhelp ~]# systemctl start httpd

Step 5: Add the firewall rule for http by using the below command

[root@linuxhelp ~]# firewall-cmd --permanent --add-service=http
Success

Step 6: Add the firewall rule for https by using the below command

[root@linuxhelp ~]# firewall-cmd --permanent --add-service=https
Success

Step 7: Reload the Firewall by using the below command

[root@linuxhelp ~]# firewall-cmd --reload
success

Step 8: Install mod_ssl, an Apache module for SSL encryption, by using the below command

[root@linuxhelp ~]# yum install mod_ssl
Updating Subscription Management repositories.
Unable to read consumer identity

This system is not registered with an entitlement server. You can use subscription-manager to register.

Last metadata expiration check: 0:02:42 ago on Friday 13 May 2022 08:15:27 AM IST.
Dependencies resolved.
================================================================================
 Package    Arch      Version                                        Repo  Size
================================================================================
Installing:
 mod_ssl    x86_64    1:2.4.37-41.module+el8.5.0+11772+c8e0c271      1    136 k
Is this ok [y/N]: y
Downloading Packages:
mod_ssl-2.4.37-41.module+el8.5.0+11772+c8e0c271  21 MB/s | 136 kB     00:00    
--------------------------------------------------------------------------------
Complete!

Step 9: Restart the apache server by using the below command

[root@linuxhelp ~]# systemctl restart httpd

Step 10: Create the SSL key and certificate by using the below command

[root@linuxhelp ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/apache-selfsigned.key -out /etc/pki/tls/certs/apache-selfsigned.crt
Generating a RSA private key
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:CHENNAI 
Organization Name (eg, company) [Default Company Ltd]:EXAMPLE
Organizational Unit Name (eg, section) []:EXAMPLE 1
Common Name (eg, your name or your server's hostname) []:192.168.6.127
Email Address []:linuxserver@example.com

Step 11: Create the Virtual Host configuration by using the below command

[root@linuxhelp ~]# vim /etc/httpd/conf.d/test.conf
<VirtualHost *:443>
    ServerName linuxhelp.com
    DocumentRoot /var/www/html/test
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/apache-selfsigned.key
</VirtualHost>

Step 12: Make the directory by the name of test by using the below command

[root@linuxhelp ~]# mkdir /var/www/html/test

Step 13: Change the directory to the following path by using the below command

[root@linuxhelp ~]# cd /var/www/html/test

Step 14: Create a file with the .html extension by using the below command

[root@linuxhelp test]# vi index.html
<h1>Welcome To Linuxhelp.com</h1>

Step 15: Add the host entry by using the below command

[root@linuxhelp test]# vim /etc/hosts
192.168.6.127 linuxhelp.com

Step 16: Check the Apache configuration for syntax errors by using the below command

[root@linuxhelp test]# apachectl configtest
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:fe86:be5c. Set the 'ServerName' directive globally to suppress this message
Syntax OK

Step 17: Reload the Apache server by using the below command

[root@linuxhelp test]# systemctl reload httpd

Step 18: Reload the firewall by using the below command

[root@linuxhelp test]# firewall-cmd --reload
success

Step 19: Open your favorite browser and go to your domain as shown in the below image

Step 20: Click Advanced as shown in the below image

Step 21: Click Accept the Risk and Continue as shown in the below image

Output

With this, the installation and configuration of an OpenSSL certificate for Apache on REDHAT 8.5 is complete.
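
A pre-reload check for the certificate created in Step 10 and referenced in Step 11, added here as an example and not part of the original tutorial. It works in a scratch directory rather than /etc/pki (the function names and the subjectAltName list are assumptions) and contrasts the certificate as generated above (Common Name set to the IP, no subjectAltName) with one that lists linuxhelp.com as a DNS name.

```sh
#!/bin/sh
# Added example, not from the original page. Works in a scratch directory, not /etc/pki.
# Function names and the subjectAltName list are assumptions made for illustration.

# make_cert DIR CN [SAN]: self-signed cert as in Step 10, optionally with a SAN.
make_cert() (
    dir=$1; cn=$2; san=${3:-}
    set -- -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=IN/ST=TN/L=CHENNAI/O=EXAMPLE/CN=$cn" \
        -keyout "$dir/server.key" -out "$dir/server.crt"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl req "$@" 2>/dev/null && chmod 600 "$dir/server.key"
)

# True when the certificate and the private key carry the same public key.
cert_matches_key() (
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
)

# True when NAME is a DNS subjectAltName entry (current browsers do not match on CN).
cert_has_dns_san() {
    openssl x509 -in "$1" -noout -ext subjectAltName 2>/dev/null |
        tr ',' '\n' | sed 's/^ *//' | grep -Fxq "DNS:$2"
}

# True when the certificate is still valid DAYS days from now.
cert_valid_in_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

report() { if "$@"; then echo "PASS: $*"; else echo "FAIL: $*"; fi; }

demo() (
    tmp=$(mktemp -d) || exit 1
    trap 'rm -rf "$tmp"' EXIT
    mkdir "$tmp/page" "$tmp/san"
    make_cert "$tmp/page" 192.168.6.127   # as on the page: CN is the IP, no SAN
    make_cert "$tmp/san" linuxhelp.com "DNS:linuxhelp.com,IP:192.168.6.127"
    for d in page san; do
        report cert_matches_key "$tmp/$d/server.crt" "$tmp/$d/server.key"
        report cert_has_dns_san "$tmp/$d/server.crt" linuxhelp.com
        report cert_valid_in_days "$tmp/$d/server.crt" 30
    done
)
demo
```

On the server, the same three checks can be pointed at /etc/pki/tls/certs/apache-selfsigned.crt and /etc/pki/tls/private/apache-selfsigned.key before running systemctl reload httpd.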

FAQ

5. What do you mean by X509 in OpenSSL?
Ans: The x509 command is a multi-purpose certificate utility. It can be used to display certificate information, convert certificates to various forms, sign certificate requests like a "mini CA" or edit certificate trust settings.

4. What does S/MIME do in OpenSSL?
Ans: The OpenSSL S/MIME utility is useful for signing and encrypting S/MIME messages. S/MIME messages can be signed by multiple signers, encrypted, decrypted, and verified.

3. Discuss some public-key encryption algorithms used in SSL.
Ans: Public key encryption is used to exchange the symmetric key between the browser and the web server. Some of the algorithms used are Elliptic curve cryptography (ECC), RSA, etc.

2. What is a Certificate Signing Request (CSR)?
Ans: A Certificate Signing Request or CSR is encoded information that contains the applicant's information such as a common name, a name of an organization, email address, city, state, and country. This encoded information is used by a certifying authority (CA) to issue an SSL certificate to the applicant.

1. What are SSL/TLS certificates?
Ans: SSL/TLS is a standard security protocol that ensures the confidentiality and integrity of data while in transit. It encrypts the data flow between the web browser and web server, hence ensuring confidentiality. Also, the web server and browser exchange keys to decrypt the data, which ensures the integrity of the data.