Add SSL to CentOS web server

CentOS might well be one of the finest Linux distributions for a server environment. It is basically a mimic of Red Hat Enterprise Linux without the proprietary software and the price attached to it. With that in mind, it makes perfect sense to set CentOS up as your go-to Web server. It’s reliable, it’s stable, it’s extensible, and it’s secure.

But setting up a secure web server isn’t complete without the inclusion of SSL and certificates. If you want to serve secure web pages, you will certainly want your audience to be able to reach them over https instead of http. So, with CentOS, how do you do that? I will show you how.

Installing all of the packages

I will assume you already have CentOS installed as well as the Apache Web Server. Make sure you are able to go to the default Apache web page (or any web page on your CentOS web server), before you set up SSL. When you have all of that working you will need to install a couple of packages. This is done with the following steps:

  1. Open up a terminal window.
  2. Su to the root user.
  3. Issue the command yum install mod_ssl openssl.
  4. Let the installation complete.

With SSL installed and ready, it’s time to create your certificates for usage.

Creating your certificate

You now have everything on your server to create certificates. You need to generate a private key, a CSR (certificate signing request), and a self-signed certificate, and then copy these files to the correct locations. This is done with the following steps:

  1. Open up a terminal window.
  2. Su to the root user.
  3. Generate the private key with the command openssl genrsa -out ca.key 1024.
  4. Generate the CSR with the command openssl req -new -key ca.key -out ca.csr.
  5. Generate the self-signed certificate with the command openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt.
  6. Copy the self-signed certificate with the command cp ca.crt /etc/pki/tls/certs.
  7. Copy the private key with the command cp ca.key /etc/pki/tls/private/ca.key.
  8. Copy the CSR with the command cp ca.csr /etc/pki/tls/private/ca.csr.

Edit the Apache SSL configuration

Open the file /etc/httpd/conf.d/ssl.conf and look for the SSLCertificateFile directive. Make sure that line reads:

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Now look for the SSLCertificateKeyFile directive and make sure that line reads:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Save that file and you are ready to restart Apache.

Restart and test

Before you try to test Apache’s new SSL feature, you must restart the daemon. To do this, issue the command /etc/rc.d/init.d/httpd restart. Hopefully you will see no warnings or errors. If there are none, point your browser to https://ADDRESS_TO_SERVER, where ADDRESS_TO_SERVER is either the IP address or the domain. You should then see a warning from your browser about the certificate for the site; this is expected, because the certificate is self-signed. If you see this warning, congratulations: your Apache server is now ready for secure connections.

Remember, though, you created a self-signed certificate. To get the most out of SSL you might want to purchase a certificate from a trusted CA like Verisign (there are, of course, plenty of other places where you can purchase those certificates).
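
The script below is an added example, not part of the original article: it reproduces the three openssl steps non-interactively and checks the result before ssl.conf is pointed at it (key size, key/certificate match, key file permissions). It uses a 2048-bit key rather than the article's 1024, since public CAs no longer issue certificates for 1024-bit RSA keys; the function names, the scratch directory and the subject www.example.test are assumptions made for the example.

```shell
#!/bin/sh
# Added example (not from the article): sanity checks for a key/cert pair
# before ssl.conf is pointed at it. File names follow the article's steps.

# Print the RSA key size in bits, e.g. 2048.
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate carries the public half of this private key.
pair_matches() {
    k=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Succeed only if group and others have no access to the key file.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# check_pair KEY CRT [MIN_BITS]: print one line per problem, non-zero on any.
check_pair() {
    min=${3:-2048}; rc=0
    bits=$(key_bits "$1")
    [ "${bits:-0}" -ge "$min" ] || { echo "key is ${bits:-?} bits, want >= $min"; rc=1; }
    pair_matches "$1" "$2" || { echo "certificate does not match key"; rc=1; }
    key_is_private "$1" || { echo "key readable by group/other"; rc=1; }
    return $rc
}

# make_pair DIR: the article's three openssl steps, non-interactive,
# with a 2048-bit key and a constructed subject name (assumption).
make_pair() {
    ( umask 077
      openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
      openssl req -new -key "$1/ca.key" -out "$1/ca.csr" -subj "/CN=www.example.test" &&
      openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
          -out "$1/ca.crt" 2>/dev/null )
}

# Demo in a scratch directory; on the server the arguments would be
# /etc/pki/tls/private/ca.key and /etc/pki/tls/certs/ca.crt.
demo=$(mktemp -d)
make_pair "$demo" && check_pair "$demo/ca.key" "$demo/ca.crt" && echo "pair OK"
rm -rf "$demo"
```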


© Jack Wallen for gHacks Technology News, 2010.
