Setting up https secure connection

From Kolmisoft Wiki

Installing SSL

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

yum -y install mod_ssl openssl 

Generate private key

openssl genrsa -out ca.key 2048 

Generate CSR

openssl req -new -key ca.key -out ca.csr

Generate self-signed certificate

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Move the files to the correct locations

mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file (/etc/httpd/conf.d/ssl.conf). Change the path to match where the certificate file is stored. If you've used the method above it will be:

SSLCertificateFile /etc/pki/tls/certs/ca.crt  

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key  

Save the file, quit the editor, and then restart Apache:

/etc/init.d/httpd restart

Source: http://shapeshed.com/journal/setting_up_mod_ssl_on_apache_centos_52/
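Before restarting Apache it helps to confirm that the certificate really belongs to the private key, is not about to expire, and that the key file is not readable by other users. The script below is an added example, not part of the original wiki page or its source; the function names are hypothetical and it assumes an RSA key and PEM files as produced by the commands above.

```shell
#!/bin/sh
# Added example: sanity checks for the key/certificate pair created above.

# Succeeds when the certificate carries the public key of the private key.
# $1 = certificate, $2 = private key. Returns 2 if either file is unreadable.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid $2 days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Succeeds when the key file grants no permissions to group or others.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Runs all three checks and reports every failure. $1 = cert, $2 = key.
check_tls_pair() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2" >&2; rc=1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: $1 expires within 30 days" >&2; rc=1; }
    key_is_private "$2" || { echo "FAIL: $2 is accessible to group/others" >&2; rc=1; }
    return $rc
}

# When called with two arguments, check that certificate/key pair.
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

Saved under a name of your choice and run as root with /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key as arguments, it exits non-zero if any check fails; `chmod 600` on the key fixes the permission failure.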

Troubleshooting:

If you cannot access the GUI, try the following commands:

chown apache:apache /var/log/httpd
service httpd restart

Allow only https

If you would like your users to be automatically redirected to the secure connection (HTTPS), set up a virtual host like this in your Apache configuration:

<VirtualHost *:80>
       TimeOut 600
       ServerName www.example.com
       ServerAdmin webmaster@localhost
       Redirect permanent / https://www.example.com/
</VirtualHost>



Important notes

  • When you disable HTTP access and allow HTTPS only, make sure that you change the URL in the various crontabs used by MOR, located in /etc/cron.d/*