Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_tls_security [2016/09/27 23:24] billdozor [Generate CSR] |
linux_wiki:configure_tls_security [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure TLS Security ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Configuring TLS security (certificates). | ||
- | |||
- | ---- | ||
- | |||
- | ====== Create a Cert ====== | ||
- | |||
- | Install require packages | ||
- | <code bash> | ||
- | yum install mod_ssl openssl | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a key and certificate with openssl - check syntax | ||
- | <code bash> | ||
- | cat / | ||
- | </ | ||
- | * This line contains the syntax you are looking for: answers | / | ||
- | |||
- | \\ | ||
- | Create a key and certificate with openssl | ||
- | <code bash> | ||
- | openssl req -newkey rsa:2048 -keyout / | ||
- | </ | ||
- | |||
- | ===== Self-Signed Cert ===== | ||
- | |||
- | If not sending the CSR to a certificate authority, you can create a self-signed cert. (Usually only for development systems or testing) | ||
- | |||
- | \\ | ||
- | Self sign a CSR | ||
- | <code bash> | ||
- | openssl x509 -req -days 365 -signkey testsite.example.com.key -in testsite.example.com.csr -out testsite.example.com.crt | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configuring a Site with a TLS Certificate ====== | ||
- | |||
- | Edit virtual host file and add a tcp/443 listen entry | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | < | ||
- | ServerAdmin admin@myvhost.example.com | ||
- | DocumentRoot / | ||
- | ServerName myvhost.example.com: | ||
- | | ||
- | SSLCertificateFile / | ||
- | SSLCertificateKeyFile / | ||
- | | ||
- | ErrorLog logs/ | ||
- | CustomLog logs/ | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Allow https through the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=https | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart httpd | ||
- | <code bash> | ||
- | systemctl restart httpd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Visit the secure site | ||
- | <code bash> | ||
- | https:// | ||
- | </ | ||
- | |||
- | ---- | ||
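Review bot: this revision deletes the whole page, from the "Configure TLS Security" heading down to the "Visit the secure site" step, and the 2019/05/25 side shows no replacement text, no pointer to a new location and no edit summary. If the content was moved, leave a one-line link to the new page so existing references still resolve; if it was retired, say why in the summary. Should the text be carried over elsewhere, two things in the removed lines are worth fixing on the way: the virtual host example shows SSLCertificateFile and SSLCertificateKeyFile but no SSLEngine on line is visible between ServerName and those directives, and "Install require packages" should read "Install required packages".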