
How to Secure the Website Using SSL on CentOS 7.6

Procedure:

Install the packages needed to secure the website by using the following command.

[root@linuxhelp ~]# yum install mod_ssl openssl -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: mirror.dhakacom.com
 * epel: ftp.riken.jp
 * extras: mirror.nbrc.ac.in
 * remi-php72: ftp.riken.jp
 * remi-safe: ftp.riken.jp
 * updates: mirror.nbrc.ac.in
.
.
.
.
.

Installed:
  mod_ssl.x86_64 1:2.4.6-89.el7.centos                                                                                                       

Updated:
  openssl.x86_64 1:1.0.2k-16.el7_6.1                                                                                                         

Dependency Updated:
  httpd.x86_64 0:2.4.6-89.el7.centos         httpd-tools.x86_64 0:2.4.6-89.el7.centos         openssl-libs.x86_64 1:1.0.2k-16.el7_6.1        

Complete!

Generate the private key by using the following command.

[root@linuxhelp ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................+++
.............................................................+++
e is 65537 (0x10001)

Generate the certificate signing request (CSR) by using the following command.

[root@linuxhelp ~]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:LinuxHelp1
Common Name (eg, your name or your server's hostname) []:192.168.7.229
Email Address []:abc@example.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Linuxc@25abcd
An optional company name []:Lucky

Generate a self-signed SSL certificate that is valid for 365 days.

[root@linuxhelp ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=IN/ST=TN/L=Default City/O=Default Company Ltd/OU=LinuxHelp1/CN=192.168.7.229/emailAddress=abc@example.com
Getting Private key

Copy the generated certificates in their appropriate locations.

[root@linuxhelp ~]# cp ca.crt /etc/pki/tls/certs
[root@linuxhelp ~]# cp ca.key /etc/pki/tls/private/
[root@linuxhelp ~]# cp ca.csr /etc/pki/tls/private

Open the SSL configuration file and set the following directives.

[root@linuxhelp ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Create a virtual host to secure the website as follows:

[root@linuxhelp ~]# vim /etc/httpd/conf.d/trail.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerName www.linuxhelp1.com
DocumentRoot /var/www/html
</VirtualHost>

Navigate to the document root directory and create an HTML file.

[root@linuxhelp ~]# cd /var/www/html
[root@linuxhelp html]# vim index.html
<h1>
Hello You Awesome People out there.
</h1>

Test the Apache configuration.

[root@linuxhelp html]# httpd -t
Syntax OK

Restart the Apache service.

[root@linuxhelp html]# systemctl restart httpd

Open the browser and enter the server name. Because the certificate is self-signed, the browser shows a warning: click on Advanced and Add Exception, confirm the security exception, and view the content that was saved in index.html.

With this, the website has been secured using an SSL certificate on CentOS 7.6.
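Before restarting Apache it is worth confirming that ca.crt was really issued for ca.key and that the key file is not readable by other users; a mismatched pair is the "no corresponding key file" failure mentioned in the FAQ below. The following is an added example, not part of the original tutorial: the function names, the temporary demo files and the CN value (set to the ServerName from the virtual host) are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example: pre-restart checks for the ca.key / ca.crt pair.
# Function names and the temporary demo files are constructed here.

# Public key of a certificate / of a private key, as PEM text.
cert_pub() { openssl x509 -in "$1" -noout -pubkey 2>/dev/null; }
key_pub()  { openssl pkey -in "$1" -pubout 2>/dev/null; }

# Succeeds only if the certificate was issued for this private key.
cert_matches_key() {
    local c k
    c=$(cert_pub "$1") || return 2   # unreadable or invalid certificate
    k=$(key_pub "$2")  || return 2   # unreadable or invalid key
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if group and others have no access to the key file.
key_is_private() {
    # Characters 5-10 of the ls mode string are the group/other bits.
    [ "$(ls -ld "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# Same three openssl steps as the procedure, non-interactive, in directory $1.
# Assumption: the CN is set to the ServerName used in the virtual host.
make_pair() {
    ( umask 077   # key is created readable by its owner only
      openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/ca.key" -subj "/CN=www.linuxhelp1.com" \
          -out "$1/ca.csr" &&
      openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
          -out "$1/ca.crt" 2>/dev/null )
}

demo() {
    local d
    d=$(mktemp -d) || return 1
    make_pair "$d" && openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    cert_matches_key "$d/ca.crt" "$d/ca.key"    && echo "ca.key matches ca.crt"
    cert_matches_key "$d/ca.crt" "$d/other.key" || echo "other.key rejected"
    key_is_private "$d/ca.key"                  && echo "ca.key mode is private"
    rm -rf "$d"
}
demo
```

On the server from this tutorial the same functions can be pointed at /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key after the copy step.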

FAQ
Q: What is a public/private key pair in SSL?
A: Each SSL Certificate contains a public/private key pair: a private key with the code and a public key used to decode it.

Q: Why does the website say the SSL certificate is 'Untrusted'?
A: The usual cause of an 'Untrusted' SSL certificate is that the Comodo intermediate certificate has not been loaded.

Q: I have changed my server or moved to a different provider. How do I move the certificate?
A: The easiest way is to create a new CSR on the new machine and have the certificate re-issued.

Q: When trying to go to the site over HTTPS, it displays the message 'The page cannot be displayed'. Why?
A: This is usually caused by port 443 not being allowed through the firewall or by the SSL Certificate not having a corresponding key file.

Q: Do you have any utilities that can help me install an SSL certificate?
A: Yes. If you are using Apache or IIS web servers, we offer a free utility which will help you generate a CSR, submit it to Comodo and then automatically install your SSL certificate.