How to Secure the website Using SSL on CentOS 7.6
- 00:25 yum install mod_ssl openssl -y
- 00:45 openssl genrsa -out ca.key 2048
- 00:57 openssl req -new -key ca.key -out ca.csr
- 01:28 openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
- 01:35 cp ca.crt /etc/pki/tls/certs
- 01:37 cp ca.key /etc/pki/tls/private/
- 01:46 cp ca.csr /etc/pki/tls/private
- 01:54 vim /etc/httpd/conf.d/ssl.conf
- 02:27 vim /etc/httpd/conf.d/trail.conf
Secure the Website Using SSL certificate On CentOS 7.6
Procedure :
Install the packages that secire the web site by using the following command.
[root@linuxhelp ~]# yum install mod_ssl openssl -y
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
* base: mirror.dhakacom.com
* epel: ftp.riken.jp
* extras: mirror.nbrc.ac.in
* remi-php72: ftp.riken.jp
* remi-safe: ftp.riken.jp
* updates: mirror.nbrc.ac.in
.
.
.
.
.
Installed:
mod_ssl.x86_64 1:2.4.6-89.el7.centos
Updated:
openssl.x86_64 1:1.0.2k-16.el7_6.1
Dependency Updated:
httpd.x86_64 0:2.4.6-89.el7.centos httpd-tools.x86_64 0:2.4.6-89.el7.centos openssl-libs.x86_64 1:1.0.2k-16.el7_6.1
Complete!
Generate the private key by using the following command
[root@linuxhelp ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
.............................................................+++
.............................................................+++
e is 65537 (0x10001)
Generate the certificate signing request by using the following command
[root@linuxhelp ~]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:LinuxHelp1
Common Name (eg, your name or your server's hostname) []:192.168.7.229
Email Address []:abc@example.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:Linuxc@25abcd
An optional company name []:Lucky
Generate self signed ssl certificate with 365 active days
[root@linuxhelp ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=IN/ST=TN/L=Default City/O=Default Company Ltd/OU=LinuxHelp1/CN=192.168.7.229/emailAddress=abc@example.com
Getting Private key
Copy the generated certificates in their appropriate locations.
[root@linuxhelp ~]# cp ca.crt /etc/pki/tls/certs
[root@linuxhelp ~]# cp ca.key /etc/pki/tls/private/
[root@linuxhelp ~]# cp ca.csr /etc/pki/tls/private
Open a ssl configuration file and modify the following changes.
root@linuxhelp ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Create a virtualhost for secure the website as follows:
[root@linuxhelp ~]# vim /etc/httpd/conf.d/trail.conf
< VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
servername www.linuxhelp1.com
Documentroot /var/www/html
< /VirtualHost>
Navigate to docuemnt root directory to create a html file
[root@linuxhelp ~]# cd /var/www/html
[root@linuxhelp html]# vim index.html
<h1>
Hello You Awesome People out there.
</h1>
Test the configuration file of Apache
[root@linuxhelp html]# httpd -t
Syntax OK
Restart the service of Apache.
root@linuxhelp html]# systemctl restart httpd
Open the browser and enter the server name as follows:
Click on Advanced and Add exception
Confirm the security exception and view the content that has saved in the index.html
With this,Using SSL vertificate secured the website On CentOS 7.6
Comments ( 0 )
No comments available