Difference between revisions of "Setting up https secure connection"

From Kolmisoft Wiki
Jump to navigationJump to search
m
Line 18: Line 18:
  mv ca.csr /etc/pki/tls/private/ca.csr
  mv ca.csr /etc/pki/tls/private/ca.csr


Then we need to update the Apache SSL configuration file. Change the paths to match where the Key file is stored. If you've used the method above it will be.
Then we need to update the Apache SSL configuration file ( /etc/httpd/conf.d/ssl.conf ). Change the paths to match where the Key file is stored. If you've used the method above it will be.


  SSLCertificateFile /etc/pki/tls/certs/ca.crt   
  SSLCertificateFile /etc/pki/tls/certs/ca.crt   

Revision as of 07:50, 29 February 2012

Installing SSL

For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.

yum -y install mod_ssl openssl 

Generate private key

openssl genrsa -out ca.key 1024 

Generate CSR

openssl req -new -key ca.key -out ca.csr

Generate Self Signed Key

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Move the files to the correct locations

mv ca.crt /etc/pki/tls/certs
mv ca.key /etc/pki/tls/private/ca.key
mv ca.csr /etc/pki/tls/private/ca.csr

Then we need to update the Apache SSL configuration file ( /etc/httpd/conf.d/ssl.conf ). Change the paths to match where the Key file is stored. If you've used the method above it will be.

SSLCertificateFile /etc/pki/tls/certs/ca.crt  

Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key  

Quit and save the file and then restart Apache

/etc/init.d/httpd restart

Source: http://shapeshed.com/journal/setting_up_mod_ssl_on_apache_centos_52/

Troubleshooting:

If you cannot access GUI, try following commands:

chown apache.apache /var/log/httpd
service httpd restart