[[linux_wiki:configure_tls_security]]

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_tls_security [2018/04/10 04:06]
billdozor [Redirect to TLS]
linux_wiki:configure_tls_security [2019/05/26 03:50]
Line 1: Line 1:
-====== Configure TLS Security ====== 
- 
-**General Information** 
- 
-Configuring TLS security (certificates). ​ 
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here 
-  * server2.example.com (192.168.1.151) -> Install Apache Web Server here 
- 
-**Previous Sections Completed** 
-  * [[linux_wiki:​network_services_overview_apache_web_server|Install/​Configure]] 
-    * Except leave listening on port 80/tcp 
-  * [[linux_wiki:​configure_a_virtual_host|Virtual Host Config]] 
- 
----- 
- 
-====== Create a Cert ====== 
- 
-Install require packages 
-<code bash> 
-yum install mod_ssl openssl 
-</​code>​ 
- 
-\\ 
-Create a key and certificate with openssl - check syntax 
-<code bash> 
-cat /​etc/​pki/​tls/​certs/​make-dummy-cert | grep answer 
-</​code>​ 
-  * This line contains the syntax you are looking for: answers | /​usr/​bin/​openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null 
- 
-\\ 
-Create a key and certificate with openssl 
-<code bash> 
-openssl req -newkey rsa:2048 -keyout /​etc/​pki/​tls/​bluesite.key -nodes -x509 -days 365 -out /​etc/​pki/​tls/​bluesite.crt 
-</​code>​ 
- 
-\\ 
-Prompts from the openssl cert create 
-<code bash> 
-Country Name (2 letter code) [XX]:US 
-State or Province Name (full name) []:Here 
-Locality Name (eg, city) [Default City]:Right 
-Organization Name (eg, company) [Default Company Ltd]:Ur Co 
-Organizational Unit Name (eg, section) []: 
-Common Name (eg, your name or your server'​s hostname) []:​bluesite.example.com 
-Email Address []: 
-</​code>​ 
-  * For the purposes of the lab, the '​Common Name' (website name) is really the only important part. 
- 
----- 
- 
-====== Configuring a Site with a TLS Certificate ====== 
- 
-Edit virtual host file and add a tcp/443 listen entry for bluesite 
-<code bash> 
-vim /​etc/​httpd/​conf.d/​vhosts.conf 
- 
-<​VirtualHost *:443> 
-  ServerAdmin admin@bluesite.example.com 
-  DocumentRoot /​var/​www/​html/​bluesite 
-  ServerName bluesite.example.com 
- 
-  SSLEngine On 
-  SSLCertificateFile /​etc/​pki/​tls/​bluesite.crt 
-  SSLCertificateKeyFile /​etc/​pki/​tls/​bluesite.key 
- 
-  ErrorLog logs/​bluesite-ssl-error_log 
-  CustomLog logs/​blusite-ssl-access_log combined 
-</​VirtualHost>​ 
-</​code>​ 
- 
-\\ 
-Allow https through the firewall 
-<code bash> 
-firewall-cmd --permanent --add-service=https 
-firewall-cmd --reload 
-</​code>​ 
- 
-\\ 
-Restart httpd 
-<code bash> 
-systemctl restart httpd 
-</​code>​ 
- 
-\\ 
-Visit the secure site 
-<code bash> 
-https://​bluesite.example.com 
-</​code>​ 
- 
----- 
- 
-====== Redirect to TLS ====== 
- 
-Redirect http to https. 
- 
-\\ 
-Option 1: Using Redirect (**Apache documentation recommends this method**) 
-<code bash> 
-<​VirtualHost *:80> 
-  ServerName bluesite.example.com 
- 
-  Redirect / https://​bluesite.example.com/​ 
-</​VirtualHost>​ 
-</​code>​ 
- 
-\\ 
-Option 2: Using mod_rewrite 
-<code bash> 
-<​VirtualHost *:80> 
-  ServerName bluesite.example.com 
-  ​ 
-  RewriteEngine on 
-  RewriteRule ^(/​.*)$ ​ https://​%{HTTP_POST}$1 [redirect=301] 
-</​VirtualHost>​ 
-</​code>​ 
- 
----- 
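Review bot: Nothing is left at Line 1 once every section from "Configure TLS Security" through "Redirect to TLS" is removed, so the page ends up empty with no pointer to where the walkthrough now lives. Leave a one-line link to the replacement page, or say in the edit summary why the content was dropped, since "(external edit)" does not. If the text is being moved rather than retired, fix these before it is republished: in Option 2 the rule `RewriteRule ^(/.*)$ https://%{HTTP_POST}$1 [redirect=301]` uses `%{HTTP_POST}`, which is not an Apache server variable and should read `%{HTTP_HOST}`; the 443 virtual host writes its access log to `logs/blusite-ssl-access_log` while the error log is spelled `bluesite`; and the `openssl req ... -nodes` step writes an unencrypted private key to /etc/pki/tls/bluesite.key with no following step that checks or restricts its permissions. Option 1's `Redirect /` also defaults to a temporary (302) redirect while Option 2 sends 301, so `Redirect permanent` would make the two options behave the same.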
  
  • linux_wiki/configure_tls_security.txt
  • Last modified: 2019/05/26 03:50
  • (external edit)