How to Install and Configure OpenSSL for Apache on Oracle Linux 8.8
To Install And Configure OpenSSL For Apache On Oracle Linux 8.8
Introduction:
The OpenSSL library implements the secure sockets layer and transport layer security protocols. In simple terms, SSL refers to a standard for keeping an internet connection secure and safeguarding sensitive data that is sent between two systems, preventing criminals from viewing or altering any information sent.
Installation Steps:
**Step 1: Check the version of OS by using the below command**
[root@linuxhelp ~]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.8"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.8"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.8"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:oracle:linux:8:8:server"
HOME_URL="https://linux.oracle.com/"
BUG_REPORT_URL="https://github.com/oracle/oracle-linux"
ORACLE_BUGZILLA_PRODUCT="Oracle Linux 8"
ORACLE_BUGZILLA_PRODUCT_VERSION=8.8
ORACLE_SUPPORT_PRODUCT="Oracle Linux"
ORACLE_SUPPORT_PRODUCT_VERSION=8.8
Step 2: Install the Apache Web Server by using the below command
[root@linuxhelp ~]# yum -y install httpd
Oracle Linux 8 BaseOS Latest (x86_64) 19 kB/s | 3.6 kB 00:00
Oracle Linux 8 BaseOS Latest (x86_64) 9.1 MB/s | 59 MB 00:06
Oracle Linux 8 Application Stream (x86_64) 48 kB/s | 3.9 kB 00:00
Oracle Linux 8 Application Stream (x86_64) 9.4 MB/s | 47 MB 00:05
Latest Unbreakable Enterprise Kernel Release 6 35 kB/s | 3.0 kB 00:00
Latest Unbreakable Enterprise Kernel Release 6 9.7 MB/s | 72 MB 00:07
Last metadata expiration check: 0:00:25 ago on Thursday 06 July 2023 06:59:37 AM IST.
Dependencies resolved.
================================================================================
Package Arch Version Repository Size
================================================================================
Installing:
httpd x86_64 2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6
ol8_appstream 1.4 M
Installing dependencies:
apr x86_64 1.6.3-12.el8 ol8_appstream 129 k
apr-util x86_64 1.6.1-6.el8_8.1 ol8_appstream 105 k
httpd-filesystem noarch 2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6
ol8_appstream 43 k
httpd-tools x86_64 2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6
ol8_appstream 110 k
mod_http2 x86_64 1.15.7-8.module+el8.8.0+21057+13668aee.3
ol8_appstream 155 k
oracle-logos-httpd noarch 84.5-1.0.1.el8 ol8_baseos_latest 29 k
Installing weak dependencies:
apr-util-bdb x86_64 1.6.1-6.el8_8.1 ol8_appstream 25 k
apr-util-openssl x86_64 1.6.1-6.el8_8.1 ol8_appstream 27 k
Enabling module streams:
httpd 2.4
Transaction Summary
================================================================================
Install 9 Packages
Total download size: 2.0 M
Installed size: 5.4 M
Downloading Packages:
(1/9): oracle-logos-httpd-84.5-1.0.1.el8.noarch 151 kB/s | 29 kB 00:00
(2/9): apr-util-bdb-1.6.1-6.el8_8.1.x86_64.rpm 2.7 MB/s | 25 kB 00:00
(3/9): apr-util-openssl-1.6.1-6.el8_8.1.x86_64. 1.2 MB/s | 27 kB 00:00
(4/9): apr-1.6.3-12.el8.x86_64.rpm 491 kB/s | 129 kB 00:00
(5/9): apr-util-1.6.1-6.el8_8.1.x86_64.rpm 393 kB/s | 105 kB 00:00
(6/9): httpd-filesystem-2.4.37-56.0.1.module+el 693 kB/s | 43 kB 00:00
(7/9): httpd-tools-2.4.37-56.0.1.module+el8.8.0 1.5 MB/s | 110 kB 00:00
(8/9): mod_http2-1.15.7-8.module+el8.8.0+21057+ 2.7 MB/s | 155 kB 00:00
(9/9): httpd-2.4.37-56.0.1.module+el8.8.0+21057 5.4 MB/s | 1.4 MB 00:00
--------------------------------------------------------------------------------
Total 3.7 MB/s | 2.0 MB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : apr-1.6.3-12.el8.x86_64 1/9
Running scriptlet: apr-1.6.3-12.el8.x86_64 1/9
Installing : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 2/9
Installing : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 3/9
Installing : apr-util-1.6.1-6.el8_8.1.x86_64 4/9
Running scriptlet: apr-util-1.6.1-6.el8_8.1.x86_64 4/9
Installing : httpd-tools-2.4.37-56.0.1.module+el8.8.0+21057+13668 5/9
Running scriptlet: httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21057+ 6/9
Installing : httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21057+ 6/9
Installing : oracle-logos-httpd-84.5-1.0.1.el8.noarch 7/9
Installing : mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x 8/9
Installing : httpd-2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6. 9/9
Running scriptlet: httpd-2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6. 9/9
Verifying : oracle-logos-httpd-84.5-1.0.1.el8.noarch 1/9
Verifying : apr-1.6.3-12.el8.x86_64 2/9
Verifying : apr-util-1.6.1-6.el8_8.1.x86_64 3/9
Verifying : apr-util-bdb-1.6.1-6.el8_8.1.x86_64 4/9
Verifying : apr-util-openssl-1.6.1-6.el8_8.1.x86_64 5/9
Verifying : httpd-2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6. 6/9
Verifying : httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21057+ 7/9
Verifying : httpd-tools-2.4.37-56.0.1.module+el8.8.0+21057+13668 8/9
Verifying : mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x 9/9
Installed:
apr-1.6.3-12.el8.x86_64
apr-util-1.6.1-6.el8_8.1.x86_64
apr-util-bdb-1.6.1-6.el8_8.1.x86_64
apr-util-openssl-1.6.1-6.el8_8.1.x86_64
httpd-2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6.x86_64
httpd-filesystem-2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6.noarch
httpd-tools-2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6.x86_64
mod_http2-1.15.7-8.module+el8.8.0+21057+13668aee.3.x86_64
oracle-logos-httpd-84.5-1.0.1.el8.noarch
Complete!
Step 3: Enable the services of Apache by using the below command
[root@linuxhelp ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Step 4: Start the Services of Apache by using the below command
[root@linuxhelp ~]# systemctl start httpd
Step 5: Check the Status of Apache by using the below command
[root@linuxhelp ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor prese>
Active: active (running) since Thu 2023-07-06 07:01:14 IST; 11s ago
Docs: man:httpd.service(8)
Main PID: 128655 (httpd)
Status: "Running, listening on: port 80"
Tasks: 213 (limit: 22942)
Memory: 27.0M
CGroup: /system.slice/httpd.service
├─128655 /usr/sbin/httpd -DFOREGROUND
├─128662 /usr/sbin/httpd -DFOREGROUND
├─128663 /usr/sbin/httpd -DFOREGROUND
├─128664 /usr/sbin/httpd -DFOREGROUND
└─128665 /usr/sbin/httpd -DFOREGROUND
Jul 06 07:01:14 linuxhelp systemd[1]: Starting The Apache HTTP Server...
Jul 06 07:01:14 linuxhelp httpd[128655]: AH00558: httpd: Could not reliably det>
Jul 06 07:01:14 linuxhelp systemd[1]: Started The Apache HTTP Server.
Jul 06 07:01:14 linuxhelp httpd[128655]: Server configured, listening on: port >
Step 6: Add the firewall for http by using the below command
[root@linuxhelp ~]# firewall-cmd --permanent --add-service=http
success
Step 7: Add the firewall for https by using the below command
[root@linuxhelp ~]# firewall-cmd --permanent --add-service=https
Success
Step 8: Reload the Firewall by using the below command
[root@linuxhelp ~]# firewall-cmd --reload
Success
Step 9: Install The mod_ssl by using the below command
[root@linuxhelp ~]# yum install mod_ssl*
Last metadata expiration check: 0:03:45 ago on Thursday 06 July 2023 06:59:37 AM IST.
Dependencies resolved.
================================================================================
Package
Arch Version Repository Size
================================================================================
Installing:
mod_ssl
x86_64 1:2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6 ol8_appstream 140 k
Transaction Summary
================================================================================
Install 1 Package
Total download size: 140 k
Installed size: 266 k
Is this ok [y/N]: y
Downloading Packages:
mod_ssl-2.4.37-56.0.1.module+el8.8.0+21057+1366 520 kB/s | 140 kB 00:00
--------------------------------------------------------------------------------
Total 492 kB/s | 140 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
Preparing : 1/1
Installing : mod_ssl-1:2.4.37-56.0.1.module+el8.8.0+21057+13668ae 1/1
Running scriptlet: mod_ssl-1:2.4.37-56.0.1.module+el8.8.0+21057+13668ae 1/1
Verifying : mod_ssl-1:2.4.37-56.0.1.module+el8.8.0+21057+13668ae 1/1
Installed:
mod_ssl-1:2.4.37-56.0.1.module+el8.8.0+21057+13668aee.6.x86_64
Complete!
Step 10: Create the SSL key and certificate by using the below command
[root@linuxhelp ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/apache-selfsigned.key -out /etc/pki/tls/certs/apache-selfsigned.crt
Generating a RSA private key
..................................................+++++
.......................................................+++++
writing new private key to '/etc/pki/tls/private/apache-selfsigned.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:CHENNAI
Organization Name (eg, company) [Default Company Ltd]:Example
Organizational Unit Name (eg, section) []:test
Common Name (eg, your name or your server's hostname) []:192.168.6.136
Email Address []:abc@gmail.com
Step 11: Create a Directory in Apache root by using the below command
[root@linuxhelp ~]# mkdir /var/www/html/test
Step 12: Change the directory on following path by using the below command
root@linuxhelp ~]# cd /var/www/html/test
Step 13: Create .html extension file by using the below command
[root@linuxhelp test]# vi index.html
<h1> welocome To Linuxhelp.com</h1>
Step 14: Give Ownership by using the below command
[root@linuxhelp ]# chown -R apache:apache /var/www/html/test
Step15: Create the VirtualHost configuration by using the below command
[root@linuxhelp ~]# vim /etc/httpd/conf.d/test.conf
<virtualhost *:443>
ServerName linuxhelp1.com
Documentroot /var/www/html/test
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/apache-selfsigned.crt
SSLCertificateKeyFile /etc/pki/tls/private/apache-selfsigned.key
</virtualhost>
Step 16: Create host entry by using the below command
[root@linuxhelp ]# vim /etc/hosts
192.168.6.136 linuxhelp1.com
Step 17: Restart the Apache server by using the below command
[root@linuxhelp test]# systemctl restart httpd
Step 18: Go to Browser and search your domain as shown in the below image
Step 19: Click Advanced and Click Accept the Risk and Continue as shown in the below images
Conclusion:
We have reached the end of this article. In this guide, we have walked you through the steps required to Install and Configure OpenSSL Certificate for Apache on Oracle Linux 8.8. Your feedback is much welcome.
Q
Is OpenSSL good for encryption?
A
OpenSSL is a practical tool for ensuring your sensitive and secret messages can't be opened by outsiders.
Q
Is OpenSSL free?
A
OpenSSL is licensed under Apache and free to get and use
Q
Is OpenSSL still used?
A
It is widely used by Internet servers, including the majority of HTTPS websites.
Q
What is OpenSSL used for?
A
OpenSSL is an open-source command-line tool that is commonly used to generate private keys, create CSRs, install your SSL/TLS certificate, and identify certificate information
Q
Is OpenSSL thread-safe?
A
Yes but with some limitations; for example, an SSL connection cannot be used concurrently by multiple threads. This is true for most OpenSSL objects