Setting up https secure connection
Installing SSL
For an SSL encrypted web server you will need a few things. Depending on your install you may or may not have OpenSSL and mod_ssl, Apache's interface to OpenSSL.
yum -y install mod_ssl openssl
Generate private key
openssl genrsa -out ca.key 2048
Generate CSR
openssl req -new -key ca.key -out ca.csr
Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Move the files to the correct locations
mv ca.crt /etc/pki/tls/certs mv ca.key /etc/pki/tls/private/ca.key mv ca.csr /etc/pki/tls/private/ca.csr
Then we need to update the Apache SSL configuration file ( /etc/httpd/conf.d/ssl.conf ). Change the paths to match where the Key file is stored. If you've used the method above it will be.
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the Certificate Key File a few lines below. If you've followed the instructions above it is:
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Quit and save the file and then restart Apache
/etc/init.d/httpd restart
Source: http://shapeshed.com/journal/setting_up_mod_ssl_on_apache_centos_52/
Troubleshooting:
If you cannot access GUI, try following commands:
chown apache.apache /var/log/httpd service httpd restart
Allow only https
If you would like your users to be automatically redirected to secure connection (https) - set up such virtual host in your apache configuration:
<VirtualHost *:80> TimeOut 600 ServerName www.example.com ServerAdmin webmaster@localhost Redirect permanent / https://www.example.com/ </VirtualHost>
Important notes
- When you disable http access and allow https only - please make sure that you change URL in various crontabs used by mor and located in /etc/cron.d/*
ERROR: When directory structure is visible
That means incorrect configuration.
... to be continued