Configure TLS Security

General Information

Configuring TLS security (certificates).


Generate CSR

Install required packages

yum install mod_ssl openssl


Create private key file

openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out testsite.example.com.key


Create CSR (Certificate Signing Request)

openssl req -new -key testsite.example.com.key -out testsite.example.com.csr
  • You are prompted for informational questions that will be used for domain ownership validation.
  • The completed CSR is sent to a certificate authority.

If you are not sending the CSR to a certificate authority, you can create a self-signed certificate (usually only for development systems or testing).


Self sign a CSR

openssl x509 -req -days 365 -signkey testsite.example.com.key -in testsite.example.com.csr -out testsite.example.com.crt
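
Before pointing Apache at the files produced above, it is worth confirming that the key, CSR and certificate belong together, that the certificate has not expired, and that the private key is not group- or world-readable. The script below is an added example, not part of the original wiki page. The function names and return codes are assumptions made for illustration, and `-subj` is added only so the page's commands run without prompts.

```shell
#!/bin/sh
# Added example, not from the original page: check key/cert before restarting httpd.
# Function names and return codes are assumptions made for this illustration.

# Print the SHA-256 of the public key held in a key, CSR or certificate file.
pubkey_digest() {   # $1 = key|csr|crt   $2 = PEM file
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)   return 2 ;;
  esac || return 1
  [ -n "$pem" ] || return 1     # never hash the empty output of a failed parse
  printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Return 0 when the pair is fit to deploy, otherwise a distinct non-zero code.
check_tls_pair() {  # $1 = private key file   $2 = certificate file
  key_fp=$(pubkey_digest key "$1") || { echo "unreadable key: $1" >&2; return 1; }
  crt_fp=$(pubkey_digest crt "$2") || { echo "unreadable cert: $2" >&2; return 1; }
  [ "$key_fp" = "$crt_fp" ] || { echo "certificate does not match key" >&2; return 2; }
  openssl x509 -in "$2" -noout -checkend 0 >/dev/null ||
    { echo "certificate has expired" >&2; return 3; }
  # The private key must not be readable by group or other.
  loose=$(find "$1" -prune \( -perm -040 -o -perm -004 \) -print)
  [ -z "$loose" ] || { echo "key is group/world readable: $1" >&2; return 4; }
  return 0
}

# The page's three openssl commands, made non-interactive with -subj.
make_selfsigned() { # $1 = output directory   $2 = hostname
  openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out "$1/$2.key" 2>/dev/null &&
  chmod 600 "$1/$2.key" &&
  openssl req -new -key "$1/$2.key" -subj "/CN=$2" -out "$1/$2.csr" &&
  openssl x509 -req -days 365 -signkey "$1/$2.key" -in "$1/$2.csr" -out "$1/$2.crt" 2>/dev/null
}

# Demo on constructed material in a temporary directory: sh thisfile.sh --demo
if [ "${1:-}" = "--demo" ]; then
  d=$(mktemp -d) && make_selfsigned "$d" testsite.example.com &&
    check_tls_pair "$d/testsite.example.com.key" "$d/testsite.example.com.crt" &&
    echo "OK: key and certificate match"
  rm -rf "$d"
fi
```

Run `check_tls_pair` against the paths used in the virtual host's `SSLCertificateKeyFile` and `SSLCertificateFile` lines; a non-zero return means httpd should not be restarted yet.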

Configuring a Site with a TLS Certificate

Edit the virtual host file and add a tcp/443 listen entry

vim /etc/httpd/conf.d/myvhost.conf
 
<VirtualHost *:443>
  ServerAdmin admin@myvhost.example.com
  DocumentRoot /var/www/html/myvhost
  ServerName myvhost.example.com:443
 
  SSLCertificateFile /etc/pki/tls/certs/testsite.example.com.crt
  SSLCertificateKeyFile /etc/pki/tls/certs/testsite.example.com.key
 
  ErrorLog logs/myvhost-ssl-error_log
  CustomLog logs/myvhost-ssl-access_log combined
</VirtualHost>


Allow https through the firewall

firewall-cmd --permanent --add-service=https
firewall-cmd --reload


Restart httpd

systemctl restart httpd


Visit the secure site

https://testsite.example.com

  • Last modified: 2019/05/25 23:50