linux_wiki:configure_tls_security

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_tls_security [2016/10/08 17:56]
billdozor
linux_wiki:configure_tls_security [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure TLS Security ====== 
- 
-**General Information** 
- 
-Configuring TLS security (certificates).  
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here 
-  * server2.example.com (192.168.1.151) -> Install Apache Web Server here 
- 
----- 
- 
-====== Create a Cert ====== 
- 
-Install require packages 
-<code bash> 
-yum install mod_ssl openssl 
-</code> 
- 
-\\ 
-Create a key and certificate with openssl - check syntax 
-<code bash> 
-cat /etc/pki/tls/certs/make-dummy-cert 
-</code> 
-  * This line contains the syntax you are looking for: answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null 
- 
-\\ 
-Create a key and certificate with openssl 
-<code bash> 
-openssl req -newkey rsa:2048 -keyout /etc/pki/tls/private/myvhost.example.com.key -nodes -x509 -days 365 -out /etc/pki/tls/certs/myvhost.example.com.crt 
-</code> 
- 
----- 
- 
-====== Configuring a Site with a TLS Certificate ====== 
- 
-Edit virtual host file and add a tcp/443 listen entry 
-<code bash> 
-vim /etc/httpd/conf.d/myvhost.conf 
- 
-<VirtualHost *:443> 
-  ServerAdmin admin@myvhost.example.com 
-  DocumentRoot /var/www/html/myvhost 
-  ServerName myvhost.example.com:443 
-   
-  SSLCertificateFile /etc/pki/tls/certs/testsite.example.com.crt 
-  SSLCertificateKeyFile /etc/pki/tls/certs/testsite.example.com.key 
-   
-  ErrorLog logs/myvhost-ssl-error_log 
-  CustomLog logs/myvhost-ssl-access_log combined 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Allow https through the firewall 
-<code bash> 
-firewall-cmd --permanent --add-service=https 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-Restart httpd 
-<code bash> 
-systemctl restart httpd 
-</code> 
- 
-\\ 
-Visit the secure site 
-<code bash> 
-https://testsite.example.com 
-</code> 
- 
----- 
- 
-====== Redirect to TLS ====== 
- 
-Redirect http to https. 
- 
-Option 1: Using mod_rewrite 
-<code bash> 
-<VirtualHost *:80> 
-  ServerName myvhost.example.com 
-   
-  RewriteEngine on 
-  RewriteRule ^(/.*)$  https://%{HTTP_POST}$1 [redirect=301] 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Option 2: Using Redirect 
-<code bash> 
-<VirtualHost *:80> 
-  ServerName myvhost.example.com 
- 
-  Redirect / https://myvhost.example.com/ 
-</VirtualHost> 
-</code> 
- 
----- 
  
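Review bot: In the `<VirtualHost *:443>` block, `SSLCertificateFile` and `SSLCertificateKeyFile` point at `testsite.example.com.crt` and `testsite.example.com.key` under /etc/pki/tls/certs, but the openssl command in "Create a Cert" writes `myvhost.example.com.crt` to /etc/pki/tls/certs and `myvhost.example.com.key` to /etc/pki/tls/private, so httpd will not find the files as written. Both directives should use the myvhost names, with the key path under /etc/pki/tls/private. The "Visit the secure site" URL has the same testsite/myvhost mismatch. The same block has no `SSLEngine on`, which this virtual host needs in order to serve TLS on port 443. Because the key is generated with `-nodes` (no passphrase), the text should also say to keep it readable by root only. In "Redirect to TLS" option 1, `%{HTTP_POST}` is not a server variable; the rule should read `RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]`. Option 2's `Redirect / https://myvhost.example.com/` gives no status, so it issues a temporary redirect while option 1 issues a 301; use `Redirect permanent` if the two options are meant to be equivalent. Minor: "Install require packages" should be "Install required packages".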
  • linux_wiki/configure_tls_security.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)