Enabling HTTPS on Apache

03 November 2018

This assumes that Apache httpd is already running on the target Linux machine.

Install mod_ssl and openssl. mod_ssl provides cryptography for the Apache web server using the SSL and TLS protocols, while openssl is a toolkit that includes a certificate management tool and shared libraries that provide various cryptographic algorithms.

Install dependencies

$ sudo yum install mod_ssl openssl

=================================================================================================================================================
 Package                            Arch                         Version                                        Repository                  Size
=================================================================================================================================================
Installing:
 mod_ssl                            x86_64                       1:2.4.6-88.el7.centos                          base                       112 k
Updating:
 openssl                            x86_64                       1:1.0.2k-16.el7                                base                       493 k
Updating for dependencies:
 httpd                              x86_64                       2.4.6-88.el7.centos                            base                       2.7 M
 httpd-tools                        x86_64                       2.4.6-88.el7.centos                            base                        90 k
 openssl-libs                       x86_64                       1:1.0.2k-16.el7                                base                       1.2 M

Transaction Summary
=================================================================================================================================================
Install  1 Package
Upgrade  1 Package (+3 Dependent packages)

Generate your private key

$ sudo openssl genrsa -out ca.key 2048

Generate Certificate Signing Request (CSR)

$ sudo openssl req -new -key ca.key -out ca.csr

Generate your self-signed certificate

$ sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the generated files

$ sudo cp ca.crt /etc/pki/tls/certs
$ sudo cp ca.key /etc/pki/tls/private/ca.key
$ sudo cp ca.csr /etc/pki/tls/private/ca.csr

Edit ssl.conf

Open /etc/httpd/conf.d/ssl.conf file and change the following lines to:

SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
# Required by Java when using a server certificate chain
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle-g2-g1.crt
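
Check the key and certificate before restarting httpd

The script below is an added example, not part of the original post. It repeats the key, CSR and certificate commands non-interactively in a scratch directory, then confirms that the certificate carries the key's public key, is not about to expire, and that the key is readable only by its owner. The function names and the -subj value www.example.test are assumptions.

```shell
#!/bin/sh
# Added example: file names follow the page; scratch directory and CN are constructed.

# modulus_digest KIND FILE: print a SHA-256 digest of the RSA modulus in a key, CSR or cert.
modulus_digest() {
    case "$1" in
        key) m=$(openssl rsa  -noout -modulus -in "$2" 2>/dev/null) ;;
        csr) m=$(openssl req  -noout -modulus -in "$2" 2>/dev/null) ;;
        crt) m=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) ;;
        *)   return 2 ;;
    esac || return 1
    [ -n "$m" ] || return 1          # an unparsable file must never "match"
    printf '%s' "$m" | openssl dgst -sha256
}

# check_tls_pair KEY CERT: print "ok" and return 0 only if every check passes.
check_tls_pair() {
    k=$(modulus_digest key "$1") || { echo "unreadable key"; return 1; }
    c=$(modulus_digest crt "$2") || { echo "unreadable certificate"; return 1; }
    [ "$k" = "$c" ] || { echo "key/certificate mismatch"; return 1; }
    # -checkend N exits non-zero if the certificate expires within N seconds
    openssl x509 -noout -checkend 86400 -in "$2" >/dev/null ||
        { echo "certificate expires within 24h"; return 1; }
    # columns 5-10 of ls -l are the group and other permission bits
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        { echo "key readable beyond owner"; return 1; }
    echo ok
}

# make_selfsigned DIR CN: the page's three openssl steps, non-interactive via -subj.
make_selfsigned() {
    ( umask 077    # files are created owner-only from the start
      openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/ca.key" -subj "/CN=$2" -out "$1/ca.csr" &&
      openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
          -out "$1/ca.crt" 2>/dev/null )
}

# Demo on constructed files; nothing under /etc/pki is touched.
d=$(mktemp -d); trap 'rm -rf "$d"' EXIT
make_selfsigned "$d" www.example.test
check_tls_pair "$d/ca.key" "$d/ca.crt" || true       # matching pair
openssl genrsa -out "$d/other.key" 2048 2>/dev/null
check_tls_pair "$d/other.key" "$d/ca.crt" || true    # unrelated key
```

On the server, run check_tls_pair as root against /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt after copying the files and before restarting httpd.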