Differences
This shows you the differences between two versions of the page.
linux_wiki:configure_tls_security [2018/04/10 00:06] billdozor [Redirect to TLS] |
linux_wiki:configure_tls_security [2019/05/25 23:50] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== Configure TLS Security ====== | ||
- | |||
- | **General Information** | ||
- | |||
- | Configuring TLS security (certificates). | ||
- | |||
- | ---- | ||
- | |||
- | ====== Lab Setup ====== | ||
- | |||
- | The following virtual machines will be used: | ||
- | * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here | ||
- | * server2.example.com (192.168.1.151) -> Install Apache Web Server here | ||
- | |||
- | **Previous Sections Completed** | ||
- | * [[linux_wiki: | ||
- | * Except leave listening on port 80/tcp | ||
- | * [[linux_wiki: | ||
- | |||
- | ---- | ||
- | |||
- | ====== Create a Cert ====== | ||
- | |||
- | Install require packages | ||
- | <code bash> | ||
- | yum install mod_ssl openssl | ||
- | </ | ||
- | |||
- | \\ | ||
- | Create a key and certificate with openssl - check syntax | ||
- | <code bash> | ||
- | cat / | ||
- | </ | ||
- | * This line contains the syntax you are looking for: answers | / | ||
- | |||
- | \\ | ||
- | Create a key and certificate with openssl | ||
- | <code bash> | ||
- | openssl req -newkey rsa:2048 -keyout / | ||
- | </ | ||
- | |||
- | \\ | ||
- | Prompts from the openssl cert create | ||
- | <code bash> | ||
- | Country Name (2 letter code) [XX]:US | ||
- | State or Province Name (full name) []:Here | ||
- | Locality Name (eg, city) [Default City]:Right | ||
- | Organization Name (eg, company) [Default Company Ltd]:Ur Co | ||
- | Organizational Unit Name (eg, section) []: | ||
- | Common Name (eg, your name or your server' | ||
- | Email Address []: | ||
- | </ | ||
- | * For the purposes of the lab, the ' | ||
- | |||
- | ---- | ||
- | |||
- | ====== Configuring a Site with a TLS Certificate ====== | ||
- | |||
- | Edit virtual host file and add a tcp/443 listen entry for bluesite | ||
- | <code bash> | ||
- | vim / | ||
- | |||
- | < | ||
- | ServerAdmin admin@bluesite.example.com | ||
- | DocumentRoot / | ||
- | ServerName bluesite.example.com | ||
- | |||
- | SSLEngine On | ||
- | SSLCertificateFile / | ||
- | SSLCertificateKeyFile / | ||
- | |||
- | ErrorLog logs/ | ||
- | CustomLog logs/ | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Allow https through the firewall | ||
- | <code bash> | ||
- | firewall-cmd --permanent --add-service=https | ||
- | firewall-cmd --reload | ||
- | </ | ||
- | |||
- | \\ | ||
- | Restart httpd | ||
- | <code bash> | ||
- | systemctl restart httpd | ||
- | </ | ||
- | |||
- | \\ | ||
- | Visit the secure site | ||
- | <code bash> | ||
- | https:// | ||
- | </ | ||
- | |||
- | ---- | ||
- | |||
- | ====== Redirect to TLS ====== | ||
- | |||
- | Redirect http to https. | ||
- | |||
- | \\ | ||
- | Option 1: Using Redirect (**Apache documentation recommends this method**) | ||
- | <code bash> | ||
- | < | ||
- | ServerName bluesite.example.com | ||
- | |||
- | Redirect / https:// | ||
- | </ | ||
- | </ | ||
- | |||
- | \\ | ||
- | Option 2: Using mod_rewrite | ||
- | <code bash> | ||
- | < | ||
- | ServerName bluesite.example.com | ||
- | | ||
- | RewriteEngine on | ||
- | RewriteRule ^(/ | ||
- | </ | ||
- | </ | ||
- | |||
- | ---- | ||
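Review bot: No stub or pointer is left behind for linux_wiki:configure_tls_security. Every line from the page title through the "Redirect to TLS" section is a deletion and the 2019/05/25 side has no content, so if the material moved, leave a one-line link to its new location. If the text is carried over elsewhere, two things in it are worth fixing on the way. "Install require packages" should read "required". Option 1's `Redirect /` carries no status argument, so Apache answers with a temporary (302) redirect; `Redirect permanent /` is the usual form for an HTTP-to-HTTPS redirect.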