linux_wiki:configure_tls_security

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_tls_security [2016/09/27 23:24]
billdozor [Generate CSR]
linux_wiki:configure_tls_security [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure TLS Security ====== 
- 
-**General Information** 
- 
-Configuring TLS security (certificates).  
- 
----- 
- 
-====== Create a Cert ====== 
- 
-Install require packages 
-<code bash> 
-yum install mod_ssl openssl 
-</code> 
- 
-\\ 
-Create a key and certificate with openssl - check syntax 
-<code bash> 
-cat /etc/pki/tls/certs/make-dummy-cert 
-</code> 
-  * This line contains the syntax you are looking for: answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null 
- 
-\\ 
-Create a key and certificate with openssl 
-<code bash> 
-openssl req -newkey rsa:2048 -keyout /etc/pki/tls/private/server1.key -nodes -x509 -days 365 -out /etc/pki/tls/certs/server1.crt 
-</code> 
- 
-===== Self-Signed Cert ===== 
- 
-If not sending the CSR to a certificate authority, you can create a self-signed cert. (Usually only for development systems or testing) 
- 
-\\ 
-Self sign a CSR 
-<code bash> 
-openssl x509 -req -days 365 -signkey testsite.example.com.key -in testsite.example.com.csr -out testsite.example.com.crt 
-</code> 
- 
----- 
- 
-====== Configuring a Site with a TLS Certificate ====== 
- 
-Edit virtual host file and add a tcp/443 listen entry 
-<code bash> 
-vim /etc/httpd/conf.d/myvhost.conf 
- 
-<VirtualHost *:443> 
-  ServerAdmin admin@myvhost.example.com 
-  DocumentRoot /var/www/html/myvhost 
-  ServerName myvhost.example.com:443 
-   
-  SSLCertificateFile /etc/pki/tls/certs/testsite.example.com.crt 
-  SSLCertificateKeyFile /etc/pki/tls/certs/testsite.example.com.key 
-   
-  ErrorLog logs/myvhost-ssl-error_log 
-  CustomLog logs/myvhost-ssl-access_log combined 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Allow https through the firewall 
-<code bash> 
-firewall-cmd --permanent --add-service=https 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-Restart httpd 
-<code bash> 
-systemctl restart httpd 
-</code> 
- 
-\\ 
-Visit the secure site 
-<code bash> 
-https://testsite.example.com 
-</code> 
- 
----- 
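Review bot: In the removed `<VirtualHost *:443>` block, `SSLCertificateKeyFile /etc/pki/tls/certs/testsite.example.com.key` puts the private key in the certs directory, while the earlier `openssl req` step writes its key to `/etc/pki/tls/private/`. If this content is being moved rather than dropped, point the directive at `/etc/pki/tls/private/` and use one file name throughout, since the page mixes `server1.key`/`server1.crt` with `testsite.example.com.*`. The same block has no `SSLEngine on` line, so unless that is set elsewhere in the server configuration the vhost will not negotiate TLS on port 443. The Self-Signed Cert section also signs `testsite.example.com.csr` with `testsite.example.com.key`, but no visible step generates either file. Finally, "Install require packages" should read "Install required packages".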
  
  • linux_wiki/configure_tls_security.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)