linux_wiki:configure_tls_security

Differences

This shows you the differences between two versions of the page.

linux_wiki:configure_tls_security [2018/04/10 00:06]
billdozor [Redirect to TLS]
linux_wiki:configure_tls_security [2019/05/25 23:50]
Line 1: Line 1:
-====== Configure TLS Security ====== 
- 
-**General Information** 
- 
-Configuring TLS security (certificates).  
- 
----- 
- 
-====== Lab Setup ====== 
- 
-The following virtual machines will be used: 
-  * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here 
-  * server2.example.com (192.168.1.151) -> Install Apache Web Server here 
- 
-**Previous Sections Completed** 
-  * [[linux_wiki:network_services_overview_apache_web_server|Install/Configure]] 
-    * Except leave listening on port 80/tcp 
-  * [[linux_wiki:configure_a_virtual_host|Virtual Host Config]] 
- 
----- 
- 
-====== Create a Cert ====== 
- 
-Install require packages 
-<code bash> 
-yum install mod_ssl openssl 
-</code> 
- 
-\\ 
-Create a key and certificate with openssl - check syntax 
-<code bash> 
-cat /etc/pki/tls/certs/make-dummy-cert | grep answer 
-</code> 
-  * This line contains the syntax you are looking for: answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null 
- 
-\\ 
-Create a key and certificate with openssl 
-<code bash> 
-openssl req -newkey rsa:2048 -keyout /etc/pki/tls/bluesite.key -nodes -x509 -days 365 -out /etc/pki/tls/bluesite.crt 
-</code> 
- 
-\\ 
-Prompts from the openssl cert create 
-<code bash> 
-Country Name (2 letter code) [XX]:US 
-State or Province Name (full name) []:Here 
-Locality Name (eg, city) [Default City]:Right 
-Organization Name (eg, company) [Default Company Ltd]:Ur Co 
-Organizational Unit Name (eg, section) []: 
-Common Name (eg, your name or your server's hostname) []:bluesite.example.com 
-Email Address []: 
-</code> 
-  * For the purposes of the lab, the 'Common Name' (website name) is really the only important part. 
- 
----- 
- 
-====== Configuring a Site with a TLS Certificate ====== 
- 
-Edit virtual host file and add a tcp/443 listen entry for bluesite 
-<code bash> 
-vim /etc/httpd/conf.d/vhosts.conf 
- 
-<VirtualHost *:443> 
-  ServerAdmin admin@bluesite.example.com 
-  DocumentRoot /var/www/html/bluesite 
-  ServerName bluesite.example.com 
- 
-  SSLEngine On 
-  SSLCertificateFile /etc/pki/tls/bluesite.crt 
-  SSLCertificateKeyFile /etc/pki/tls/bluesite.key 
- 
-  ErrorLog logs/bluesite-ssl-error_log 
-  CustomLog logs/blusite-ssl-access_log combined 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Allow https through the firewall 
-<code bash> 
-firewall-cmd --permanent --add-service=https 
-firewall-cmd --reload 
-</code> 
- 
-\\ 
-Restart httpd 
-<code bash> 
-systemctl restart httpd 
-</code> 
- 
-\\ 
-Visit the secure site 
-<code bash> 
-https://bluesite.example.com 
-</code> 
- 
----- 
- 
-====== Redirect to TLS ====== 
- 
-Redirect http to https. 
- 
-\\ 
-Option 1: Using Redirect (**Apache documentation recommends this method**) 
-<code bash> 
-<VirtualHost *:80> 
-  ServerName bluesite.example.com 
- 
-  Redirect / https://bluesite.example.com/ 
-</VirtualHost> 
-</code> 
- 
-\\ 
-Option 2: Using mod_rewrite 
-<code bash> 
-<VirtualHost *:80> 
-  ServerName bluesite.example.com 
-   
-  RewriteEngine on 
-  RewriteRule ^(/.*)$  https://%{HTTP_POST}$1 [redirect=301] 
-</VirtualHost> 
-</code> 
- 
----- 
  
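Review bot: In the removed "Redirect to TLS" section, the Option 2 rule `RewriteRule ^(/.*)$  https://%{HTTP_POST}$1 [redirect=301]` uses `%{HTTP_POST}`, which is not a mod_rewrite server variable. The intended name is `%{HTTP_HOST}`, and as written the redirect target would not carry the requested host name. This revision deletes the whole page and adds nothing in its place, so if the text is being moved rather than dropped, the fix should travel with it. Two smaller points in the same removed text: the vhost block logs errors to `logs/bluesite-ssl-error_log` but access to `logs/blusite-ssl-access_log` (missing "e"), which splits the site's logs across two naming schemes. The `openssl req ... -nodes` step writes an unencrypted private key to `/etc/pki/tls/bluesite.key`, and no step on the page checks or restricts that file's permissions. A line confirming the key is readable only by root would be worth adding wherever this procedure ends up.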
  • linux_wiki/configure_tls_security.txt
  • Last modified: 2019/05/25 23:50
  • (external edit)