Configure TLS Security
General Information
Configuring TLS security (certificates).
Generate CSR
Install required packages
yum install mod_ssl openssl
Create private key file
openssl genpkey -algorithm rsa -pkeyopt rsa_keygen_bits:2048 -out testsite.example.com.key
Create CSR (Certificate Signing Request)
openssl req -new -key testsite.example.com.key -out testsite.example.com.csr
- You are prompted for informational questions; the answers will be used for domain ownership validation.
- The completed CSR is sent to a certificate authority.
Self-Signed Cert
If you are not sending the CSR to a certificate authority, you can create a self-signed cert (usually only for development systems or testing).
Self-sign a CSR
openssl x509 -req -days 365 -signkey testsite.example.com.key -in testsite.example.com.csr -out testsite.example.com.crt
Configuring a Site with a TLS Certificate
Edit the virtual host file and add a tcp/443 listen entry
vim /etc/httpd/conf.d/myvhost.conf
<VirtualHost *:443>
    ServerAdmin admin@myvhost.example.com
    DocumentRoot /var/www/html/myvhost
    ServerName myvhost.example.com:443
    # SSLEngine defaults to off; without it this vhost answers plain HTTP on port 443
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/testsite.example.com.crt
    # Private key: keep this file readable by root only
    SSLCertificateKeyFile /etc/pki/tls/certs/testsite.example.com.key
    ErrorLog logs/myvhost-ssl-error_log
    CustomLog logs/myvhost-ssl-access_log combined
</VirtualHost>
Allow https through the firewall
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Restart httpd
systemctl restart httpd
Visit the secure site
https://testsite.example.com
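Pre-flight checks for the key and certificate created above, meant to be run before httpd is restarted. This is an added example, not part of the original page: the function names are hypothetical, -subj replaces the interactive CSR prompts, and the sample files are generated in a directory you pass in rather than under /etc/pki.

```bash
#!/usr/bin/env bash
# Added example: function names are hypothetical, files are written to the
# directory given by the caller (use a scratch directory, not /etc/pki).

make_selfsigned() {   # $1 = hostname, $2 = output directory
    local host="$1" dir="$2"
    # umask 077 so the private key is created readable by its owner only
    ( umask 077
      openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
          -out "$dir/$host.key" ) 2>/dev/null || return 1
    # -subj supplies the answers "openssl req" would otherwise prompt for
    openssl req -new -key "$dir/$host.key" -subj "/CN=$host" \
        -out "$dir/$host.csr" || return 1
    openssl x509 -req -days 365 -signkey "$dir/$host.key" \
        -in "$dir/$host.csr" -out "$dir/$host.crt" 2>/dev/null
}

key_matches_cert() {  # $1 = key, $2 = cert; true if both hold the same public key
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

cert_covers_host() {  # $1 = cert, $2 = name clients will connect to
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

cert_not_expired() {  # $1 = cert; -checkend 0 exits non-zero once expired
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

key_is_private() {    # $1 = key; true if group and other have no access
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

preflight() {         # $1 = key, $2 = cert, $3 = hostname
    key_matches_cert "$1" "$2" || { echo "key/cert mismatch"; return 1; }
    cert_covers_host "$2" "$3" || { echo "cert does not cover $3"; return 1; }
    cert_not_expired "$2"      || { echo "cert expired"; return 1; }
    key_is_private "$1"        || { echo "key readable by group/other"; return 1; }
    echo "ok"
}
```

Pass the ServerName from the virtual host as the third argument to preflight to confirm the certificate covers the name the site is served under.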