Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_tls_security [2016/10/08 17:56] billdozor |
linux_wiki:configure_tls_security [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure TLS Security ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Configuring TLS security (certificates). | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
- | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
- | |||
- | ---- | ||
- | |||
- | ====== Create a Cert ====== | ||
- | |||
- | Install require packages | ||
- | <code bash> | ||
- | yum install mod_ssl openssl | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a key and certificate with openssl - check syntax | ||
- | <code bash> | ||
- | cat / | ||
- | </ | ||
- | * This line contains the syntax you are looking for: answers | / | ||
- | |||
- | \\ | ||
- | Create a key and certificate with openssl | ||
- | <code bash> | ||
- | openssl req -newkey rsa:2048 -keyout / | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configuring a Site with a TLS Certificate ====== | ||
- | |||
- | Edit virtual host file and add a tcp/443 listen entry | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | < | ||
- | ServerAdmin admin@myvhost.example.com | ||
- | DocumentRoot / | ||
- | ServerName myvhost.example.com: | ||
- | | ||
- | SSLCertificateFile / | ||
- | SSLCertificateKeyFile / | ||
- | | ||
- | ErrorLog logs/ | ||
- | CustomLog logs/ | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Allow https through the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=https | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart httpd | ||
- | <code bash> | ||
- | systemctl restart httpd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Visit the secure site | ||
- | <code bash> | ||
- | https:// | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Redirect to TLS ====== | ||
- | |||
- | Redirect http to https. | ||
- | |||
- | Option 1: Using mod_rewrite | ||
- | <code bash> | ||
- | < | ||
- | ServerName myvhost.example.com | ||
- | | ||
- | RewriteEngine on | ||
- | RewriteRule ^(/ | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Option 2: Using Redirect | ||
- | <code bash> | ||
- | < | ||
- | ServerName myvhost.example.com | ||
- | |||
- | Redirect / https:// | ||
- | </ | ||
- | </ | ||
- | |||
- | ---- | ||
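Review bot: every line from the "Configure TLS Security" heading down to the "Redirect to TLS" section is removed and the 2019/05/25 side of the diff is empty, so the page is left with no content and no pointer to where the material went. If the text moved to another page, leave a one-line link to it here. If it was retired on purpose, say why in the edit summary, so readers who followed the `openssl req -newkey rsa:2048` step or the two http-to-https redirect options know whether those instructions are still considered current.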