Thursday, January 21, 2016

Configure SSL for Apache Webserver

The following process enables SSL on an Apache web server using a self-signed certificate.

1)    Add the following entries to the httpd config file (/usr/local/apache2/conf/httpd.conf) on the desired machine:

# BEGIN CUSTOMIZATIONS
NameVirtualHost *:80
NameVirtualHost *:443


Include conf/vhosts/*.conf

2) Generate key:
openssl genrsa -out ca.key 2048

3)    Generate CSR:
openssl req -new -key ca.key -out ca.csr

Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:*****
An optional company name []:

4)    Generate the self-signed certificate:
openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out ca.crt

5)    Copy the files to the correct locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

6)    Create ssl.conf with the key entries:

/usr/local/apache2/conf/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key


7)    Create a new virtual host file with the SSL entries below (/usr/local/apache2/conf/vhosts/vhost_crk_ssl.conf):
 

<VirtualHost *:443>
  ServerName crk.test.com

  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/ca.crt
  SSLCertificateKeyFile /etc/pki/tls/private/ca.key

****************************
****************************

</VirtualHost>


8)    Restart Apache
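
Before the restart in step 8 it is worth confirming that the key and certificate belong together, that the private key is not readable by other users, and that the certificate names the vhost. The script below is an added example, not part of the original post: it repeats steps 2-4 without prompts in a scratch directory and runs those checks. The function names, the san.ext file and the subjectAltName extension are assumptions of this example; the hostname and the 3650 days come from the steps above.

```shell
#!/bin/sh
# Added example (not from the original post). Hostname is the ServerName from step 7.

# Steps 2-4 without prompts; the body is a subshell so the umask does not leak to the caller.
make_selfsigned() (   # usage: make_selfsigned <dir> <hostname> <days>
    dir=$1; host=$2; days=$3
    umask 077                                   # ca.key is created 0600, never world-readable
    # Hypothetical helper file: adds a subjectAltName, which current clients match on
    printf 'subjectAltName=DNS:%s\n' "$host" > "$dir/san.ext"
    openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null &&
    openssl req -new -key "$dir/ca.key" -subj "/CN=$host" -out "$dir/ca.csr" &&
    openssl x509 -req -days "$days" -in "$dir/ca.csr" -signkey "$dir/ca.key" \
        -extfile "$dir/san.ext" -out "$dir/ca.crt" 2>/dev/null &&
    chmod 644 "$dir/ca.crt"                     # the certificate itself is public
)

# Checks to run before step 8; prints the first problem found and returns non-zero.
check_pair() {        # usage: check_pair <crt> <key> <hostname>
    crt=$1; key=$2; host=$3
    # The public key derived from ca.key must equal the one embedded in ca.crt
    kpub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    cpub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ] ||
        { echo "key does not belong to certificate"; return 1; }
    # Characters 5-10 of the ls mode string are the group and other permission bits
    [ "$(ls -l "$key" | cut -c5-10)" = "------" ] ||
        { echo "private key is accessible to group/other"; return 1; }
    openssl x509 -in "$crt" -noout -text | grep -qF "DNS:$host" ||
        { echo "no subjectAltName entry for $host"; return 1; }
    openssl x509 -in "$crt" -noout -checkend 0 >/dev/null ||
        { echo "certificate has expired"; return 1; }
    echo "ok"
}

# Demo in a scratch directory, so nothing under /etc/pki is touched.
work=$(mktemp -d)
make_selfsigned "$work" crk.test.com 3650 &&
    check_pair "$work/ca.crt" "$work/ca.key" crk.test.com
rm -rf "$work"
```

The same check_pair call can be pointed at /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key after step 5; a plain cp keeps the default file mode, so the permission check is the one most likely to fail there.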
