How to Secure the Website Using SSL on CentOS 7.6
Secure the Website Using an SSL Certificate on CentOS 7.6
Procedure:
Install the packages needed to secure the website by using the following command.
[root@linuxhelp ~]# yum install mod_ssl openssl -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.dhakacom.com
* epel: ftp.riken.jp
* extras: mirror.nbrc.ac.in
* remi-php72: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: mirror.nbrc.ac.in
.
.
.
.
.
Installed:
mod_ssl.x86_64 1:2.4.6-89.el7.centos
Updated:
openssl.x86_64 1:1.0.2k-16.el7_6.1
Dependency Updated:
httpd.x86_64 0:2.4.6-89.el7.centos httpd-tools.x86_64 0:2.4.6-89.el7.centos openssl-libs.x86_64 1:1.0.2k-16.el7_6.1
Complete!
Generate the private key by using the following command.
[root@linuxhelp ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................+++
.............................................................+++
e is 65537 (0x10001)
Generate the certificate signing request (CSR) by using the following command.
[root@linuxhelp ~]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:LinuxHelp1
Common Name (eg, your name or your server's hostname) []:192.168.7.229
Email Address []:abc@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Linuxc@25abcd
An optional company name []:Lucky
Generate a self-signed SSL certificate that is valid for 365 days.
[root@linuxhelp ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=IN/ST=TN/L=Default City/O=Default Company Ltd/OU=LinuxHelp1/CN=192.168.7.229/emailAddress=abc@example.com
Getting Private key
Copy the generated files to their appropriate locations.
[root@linuxhelp ~]# cp ca.crt /etc/pki/tls/certs
[root@linuxhelp ~]# cp ca.key /etc/pki/tls/private/
[root@linuxhelp ~]# cp ca.csr /etc/pki/tls/private
Open the SSL configuration file and make the following changes.
[root@linuxhelp ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Create a virtual host to secure the website as follows:
[root@linuxhelp ~]# vim /etc/httpd/conf.d/trail.conf
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerName www.linuxhelp1.com
DocumentRoot /var/www/html
</VirtualHost>
Navigate to the document root directory to create an HTML file.
[root@linuxhelp ~]# cd /var/www/html
[root@linuxhelp html]# vim index.html
<h1>
Hello You Awesome People out there.
</h1>
Test the Apache configuration file.
[root@linuxhelp html]# httpd -t
Syntax OK
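The script below is an added example, not part of the original tutorial. It checks the files configured above: that the key and certificate belong together, that the key file is owner-only, that the certificate is not about to expire, and that it covers the name clients will use. The function names are hypothetical; it assumes the openssl command installed earlier and GNU stat.

```bash
#!/bin/bash
# Added example: sanity checks for the certificate and key created in this procedure.
# Function names are hypothetical; only standard openssl subcommands are used.

# Succeeds when the certificate's public key is the one derived from the private key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeeds when the key file is accessible by its owner only (mode 600 or 400).
key_perms_ok() {       # usage: key_perms_ok KEY
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds when the certificate is still valid DAYS days from now.
cert_valid_for() {     # usage: cert_valid_for CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Succeeds when NAME (for example the vhost ServerName) is covered by the certificate.
cert_covers_host() {   # usage: cert_covers_host CERT NAME
    openssl x509 -in "$1" -noout -checkhost "$2" 2>&1 | grep -q 'does match certificate'
}

# Runs every check, prints one line per failure, returns non-zero if any failed.
check_tls_pair() {     # usage: check_tls_pair CERT KEY NAME
    local rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_perms_ok "$2"          || { echo "FAIL: key file mode is not 600 or 400"; rc=1; }
    cert_valid_for "$1" 30     || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    cert_covers_host "$1" "$3" || { echo "FAIL: certificate does not cover $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: all checks passed"
    return "$rc"
}

# With the paths and ServerName used on this page, pass three arguments:
#   /etc/pki/tls/certs/ca.crt /etc/pki/tls/private/ca.key www.linuxhelp1.com
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

Because the CSR above used 192.168.7.229 as the Common Name while the virtual host is www.linuxhelp1.com, the name check reports a mismatch for that ServerName; browsers flag the same mismatch in addition to the self-signed warning.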
Restart the Apache service.
[root@linuxhelp html]# systemctl restart httpd
Open the browser and enter the server name as follows: