Configure TLS Security
General Information
Configuring TLS security (certificates).
Create a Cert
Install required packages
yum install mod_ssl openssl
Create a key and certificate with openssl - check syntax
cat /etc/pki/tls/certs/make-dummy-cert
- This line contains the syntax you are looking for: answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
Create a key and certificate with openssl
openssl req -newkey rsa:2048 -keyout /etc/pki/tls/private/myvhost.example.com.key -nodes -x509 -days 365 -out /etc/pki/tls/certs/myvhost.example.com.crt
Configuring a Site with a TLS Certificate
Edit virtual host file and add a tcp/443 listen entry
vim /etc/httpd/conf.d/myvhost.conf

<VirtualHost *:443>
    ServerAdmin admin@myvhost.example.com
    DocumentRoot /var/www/html/myvhost
    ServerName myvhost.example.com:443
    # Enable TLS for this virtual host
    SSLEngine on
    # Certificate and key created in the previous step
    SSLCertificateFile /etc/pki/tls/certs/myvhost.example.com.crt
    SSLCertificateKeyFile /etc/pki/tls/private/myvhost.example.com.key
    ErrorLog logs/myvhost-ssl-error_log
    CustomLog logs/myvhost-ssl-access_log combined
</VirtualHost>
Allow https through the firewall
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Restart httpd
systemctl restart httpd
Visit the secure site
https://testsite.example.com
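A pre-restart check for the virtual host file described above, as an added example that is not part of the original page. The function names (directive_value, check_vhost, demo) are hypothetical, the sample files are constructed, and the script assumes absolute paths and one VirtualHost per file.

```sh
# Added example: lint an Apache TLS vhost file before restarting httpd.
# Assumes absolute file paths and one <VirtualHost> per file.

# directive_value FILE NAME: print the first argument of directive NAME.
directive_value() {
    awk -v name="$2" 'tolower($1) == tolower(name) { print $2; exit }' "$1"
}

# check_vhost FILE: print one line per problem, return the problem count.
check_vhost() {
    conf=$1; problems=0
    engine=$(directive_value "$conf" SSLEngine | tr 'A-Z' 'a-z')
    cert=$(directive_value "$conf" SSLCertificateFile)
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    if [ "$engine" != "on" ]; then
        echo "SSLEngine is not on: this vhost would not speak TLS"
        problems=$((problems + 1))
    fi
    if [ -z "$cert" ] || [ ! -f "$cert" ]; then
        echo "SSLCertificateFile unset or not found: ${cert:-<unset>}"
        problems=$((problems + 1))
    fi
    if [ -z "$key" ] || [ ! -f "$key" ]; then
        echo "SSLCertificateKeyFile unset or not found: ${key:-<unset>}"
        problems=$((problems + 1))
    elif [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        # Any group/other permission bit exposes the private key.
        echo "private key readable beyond its owner: $key (chmod 600)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Constructed sample: vhost without SSLEngine and with a mode-644 key.
demo() {
    d=$(mktemp -d)
    touch "$d/site.crt" "$d/site.key"
    chmod 644 "$d/site.key"
    printf '%s\n' '<VirtualHost *:443>' \
        'ServerName myvhost.example.com:443' \
        "SSLCertificateFile $d/site.crt" \
        "SSLCertificateKeyFile $d/site.key" \
        '</VirtualHost>' > "$d/vhost.conf"
    rc=0; check_vhost "$d/vhost.conf" || rc=$?
    rm -rf "$d"
    return "$rc"
}

demo || echo "problems found: $?"
```

Run check_vhost against /etc/httpd/conf.d/myvhost.conf as root; a return value of 0 means none of the three checks failed.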
Redirect to TLS
Redirect http to https.
Option 1: Using mod_rewrite
<VirtualHost *:80>
    ServerName myvhost.example.com
    RewriteEngine on
    # Send every request to the same host and path over https
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
Option 2: Using Redirect
<VirtualHost *:80>
    ServerName myvhost.example.com
    Redirect / https://myvhost.example.com/
</VirtualHost>