General Information
Configuring TLS security (certificates).
The following virtual machines will be used:
Previous Sections Completed
Install required packages
yum install mod_ssl openssl
Create a key and certificate with openssl - check syntax
cat /etc/pki/tls/certs/make-dummy-cert | grep answer
Create a key and certificate with openssl
openssl req -newkey rsa:2048 -keyout /etc/pki/tls/bluesite.key -nodes -x509 -days 365 -out /etc/pki/tls/bluesite.crt
Prompts from the openssl cert create
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Here
Locality Name (eg, city) [Default City]:Right
Organization Name (eg, company) [Default Company Ltd]:Ur Co
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:bluesite.example.com
Email Address []:
Edit virtual host file and add a tcp/443 listen entry for bluesite
vim /etc/httpd/conf.d/vhosts.conf
<VirtualHost *:443>
    ServerAdmin admin@bluesite.example.com
    DocumentRoot /var/www/html/bluesite
    ServerName bluesite.example.com
    SSLEngine On
    SSLCertificateFile /etc/pki/tls/bluesite.crt
    SSLCertificateKeyFile /etc/pki/tls/bluesite.key
    ErrorLog logs/bluesite-ssl-error_log
    CustomLog logs/bluesite-ssl-access_log combined
</VirtualHost>
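Before restarting httpd, the key and certificate referenced by the vhost can be checked against each other. The script below is an added example, not part of the original page: check_tls_pair and the temporary demo paths are hypothetical names, and the demo uses -subj to answer the openssl prompts non-interactively.

```shell
#!/usr/bin/env bash
# Added example (not from the original page): pre-flight check for the
# key/certificate pair before it is referenced from the bluesite vhost.
# check_tls_pair and the temporary paths below are hypothetical names.

check_tls_pair() {   # usage: check_tls_pair CERT KEY HOSTNAME
    local cert="$1" key="$2" host="$3" rc=0 cert_pub key_pub

    # 1. The certificate must contain the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 2. The name in the certificate must match ServerName.
    openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
        grep -q "does match" || { echo "FAIL: certificate is not for $host"; rc=1; }

    # 3. -checkend 0 exits non-zero once the certificate has expired.
    openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: $cert is expired or unreadable"; rc=1; }

    # 4. -nodes leaves the key unencrypted, so file permissions are its only
    #    protection: no group/other access bits allowed.
    case "$(ls -ld "$key" 2>/dev/null)" in
        ????------*) ;;
        *) echo "FAIL: $key is accessible to group or others"; rc=1 ;;
    esac
    return "$rc"
}

# Constructed demo: same openssl options as the page, with -subj supplying
# the answers to the prompts so that it runs non-interactively.
demo_dir=$(mktemp -d)
openssl req -newkey rsa:2048 -nodes -x509 -days 365 \
    -subj "/C=US/CN=bluesite.example.com" \
    -keyout "$demo_dir/bluesite.key" -out "$demo_dir/bluesite.crt" 2>/dev/null
chmod 600 "$demo_dir/bluesite.key"
check_tls_pair "$demo_dir/bluesite.crt" "$demo_dir/bluesite.key" \
    bluesite.example.com && echo "OK: pair is consistent"
```

On the server itself the call would be check_tls_pair /etc/pki/tls/bluesite.crt /etc/pki/tls/bluesite.key bluesite.example.com.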
Allow https through the firewall
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Restart httpd
systemctl restart httpd
Visit the secure site
https://bluesite.example.com
Redirect http to https.
Option 1: Using Redirect (Apache documentation recommends this method)
<VirtualHost *:80>
    ServerName bluesite.example.com
    Redirect / https://bluesite.example.com/
</VirtualHost>
Option 2: Using mod_rewrite
<VirtualHost *:80>
    ServerName bluesite.example.com
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>