Friday, 9 December 2011

Install an SSL certificate on Apache

1. Install mod_ssl

#yum install mod_ssl

2. Generate key and csr

#openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

3. Enter the requested information:

         * Common Name: The fully-qualified domain name, or URL, you're securing.
           If you are requesting a Wildcard certificate, add an asterisk (*) to the left of the common name where you want the wildcard, for example *.coolexample.com.
         * Organization: The legally-registered name for your business. If you are enrolling as an individual, enter the certificate requestor's name.
         * Organization Unit: If applicable, enter the DBA (doing business as) name.
         * City or Locality: Name of the city where your organization is registered/located. Do not abbreviate.
         * State or Province: Name of the state or province where your organization is located. Do not abbreviate.
         * Country: The two-letter International Organization for Standardization (ISO) format country code for where your organization is legally registered.

           If you do not want to set a password for this SSL certificate, you can leave the Passphrase field blank. However, please understand there might be additional risks.

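4. Get the request (yourdomain.csr) signed and generate the crt

5. Copy the key, crt and bundle to the paths used in these directives (step 2 wrote the key as yourdomain.key, so rename it to match or adjust the path):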

SSLCertificateFile /etc/pki/tls/certs/yourdomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/yourdomain.com.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt

6. Add the lines below to httpd.conf

<VirtualHost IP:443>
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/yourdomain.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/yourdomain.com.key
    SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
    DocumentRoot /home/domains/yourdomain.com
    ServerName yourdomain.com
    ServerAlias www.yourdomain.com
</VirtualHost>

or change the lines below in /etc/httpd/conf.d/ssl.conf, setting the correct paths:

SSLCertificateFile /etc/pki/tls/certs/yourdomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/yourdomain.com.key
SSLCertificateChainFile /etc/pki/tls/certs/gd_bundle.crt
ServerName yourdomain.com

7. Restart Apache

By default, Apache serves SSL on port 443. Open a web browser and verify that you can reach your site at https://yourdomain.com
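
A pre-restart check for steps 2 to 7, as an added example that is not part of the original post: it confirms that the CSR or certificate carries the same public key as the private key, and that the key file is accessible only to its owner. The function names and the throwaway sample files are assumptions made for this example; `-subj` and the self-signature stand in for the prompts of step 3 and the signing in step 4.

```shell
# Added example, not from the original post. Needs only the openssl CLI.
# Print the SHA-256 of the public key inside FILE ($1); KIND ($2) is key, csr or crt.
# Assumes an unencrypted key, as written by -nodes in step 2.
pubkey_hash() (
    case "$2" in
        key) pem=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) ;;
        csr) pem=$(openssl req  -in "$1" -noout -pubkey 2>/dev/null) ;;
        crt) pem=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) ;;
        *)   pem= ;;
    esac
    [ -n "$pem" ] || exit 1      # unparsable file or wrong kind
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
)

# 0 if the key in $1 matches the public key in $2 (kind $3: csr or crt).
same_key() {
    a=$(pubkey_hash "$1" key) && b=$(pubkey_hash "$2" "$3") && [ "$a" = "$b" ]
}

# 0 if the key file grants nothing to group or other (mode 600 or 400).
key_private() { [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]; }

# Pre-restart check: 0 = fine, 1 = key/certificate mismatch, 2 = loose permissions.
check_pair() {
    same_key "$1" "$2" crt || { echo "MISMATCH: $2 does not carry the key in $1"; return 1; }
    key_private "$1" || { echo "PERMS: $1 is accessible beyond its owner"; return 2; }
    echo "OK: $1 matches $2 and is private"
}

# Constructed sample files: the step 2 command (-subj replaces the prompts), a
# self-signature standing in for step 4, and an unrelated second key.
make_sample() {
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=yourdomain.com" \
        -keyout "$1/yourdomain.com.key" -out "$1/yourdomain.com.csr" 2>/dev/null &&
    openssl x509 -req -days 1 -in "$1/yourdomain.com.csr" \
        -signkey "$1/yourdomain.com.key" -out "$1/yourdomain.com.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    chmod 600 "$1/yourdomain.com.key" "$1/other.key"
}

# With KEY and CRT arguments check those files; otherwise run on the sample.
if [ $# -eq 2 ]; then
    check_pair "$1" "$2"
else
    d=$(mktemp -d) && make_sample "$d" &&
        check_pair "$d/yourdomain.com.key" "$d/yourdomain.com.crt"
    check_pair "$d/other.key" "$d/yourdomain.com.crt" || true
    rm -rf "$d"
fi
```

Saved under a name of your choice (check.sh here is hypothetical), it can be run as `sh check.sh /etc/pki/tls/private/yourdomain.com.key /etc/pki/tls/certs/yourdomain.com.crt` before the restart in step 7.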
