
This is an old revision of the document!


Configure TLS Security

General Information

Configuring TLS security (certificates).


Create a Cert

Install required packages

yum install mod_ssl openssl


Create a key and certificate with openssl - check syntax

cat /etc/pki/tls/certs/make-dummy-cert
  • This line contains the syntax you are looking for: answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null


Create a key and certificate with openssl

openssl req -newkey rsa:2048 -keyout /etc/pki/tls/private/myvhost.example.com.key -nodes -x509 -days 365 -out /etc/pki/tls/certs/myvhost.example.com.crt

Configuring a Site with a TLS Certificate

Edit the virtual host file and add a tcp/443 virtual host entry

vim /etc/httpd/conf.d/myvhost.conf
 
<VirtualHost *:443>
  ServerAdmin admin@myvhost.example.com
  DocumentRoot /var/www/html/myvhost
  ServerName myvhost.example.com:443
 
  # Enable TLS for this virtual host and point at the files created above
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/myvhost.example.com.crt
  SSLCertificateKeyFile /etc/pki/tls/private/myvhost.example.com.key
 
  ErrorLog logs/myvhost-ssl-error_log
  CustomLog logs/myvhost-ssl-access_log combined
</VirtualHost>


Allow https through the firewall

firewall-cmd --permanent --add-service=https
firewall-cmd --reload


Restart httpd

systemctl restart httpd


Visit the secure site

https://myvhost.example.com
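
Before restarting httpd it is worth confirming that the key matches the certificate, that the unencrypted key is not readable by other users, and that the certificate is not about to expire. The following shell functions are an added example, not part of the original wiki page; the helper names make_sample_pair and check_tls_pair and the 30-day default are assumptions.

```shell
#!/usr/bin/env bash
# Added example: pre-restart checks for a certificate/key pair.
# make_sample_pair and check_tls_pair are hypothetical helper names.

# Constructed sample input: a throwaway pair made with the page's openssl
# command, plus -subj so it runs without prompts.
# usage: make_sample_pair DIR NAME [DAYS]
make_sample_pair() {
  openssl req -newkey rsa:2048 -nodes -x509 -days "${3:-365}" \
    -subj "/CN=$2" -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null &&
    chmod 600 "$1/$2.key"
}

# usage: check_tls_pair CERT KEY [DAYS]
# Returns 0 if the pair is usable, otherwise:
#   1 = a file is missing, unparsable, or the key is passphrase-protected
#   2 = the private key does not belong to the certificate
#   3 = the key file is accessible to group or other
#   4 = the certificate expires within DAYS days (default 30)
check_tls_pair() {
  local cert="$1" key="$2" days="${3:-30}" cert_pub key_pub mode

  # Extract the public key from each file; both come out as the same
  # SubjectPublicKeyInfo PEM text when the key belongs to the certificate.
  cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null) || return 1
  [ "$cert_pub" = "$key_pub" ] || return 2

  # The page generates the key with -nodes (unencrypted), so file
  # permissions are its only protection at rest.
  mode=$(stat -c '%a' "$key") || return 1
  case "$mode" in
    [0-7]00) ;;
    *) return 3 ;;
  esac

  # -days 365 means the certificate silently expires after a year.
  openssl x509 -in "$cert" -noout -checkend "$((days * 86400))" >/dev/null ||
    return 4
  return 0
}

# Run the checks when invoked as: script CERT KEY [DAYS]
if [ "$#" -ge 2 ]; then check_tls_pair "$@"; fi
```

Point it at the SSLCertificateFile and SSLCertificateKeyFile paths from the virtual host; a non-zero exit status identifies which check failed.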

Redirect to TLS

Redirect http to https.

Option 1: Using mod_rewrite

<VirtualHost *:80>
  ServerName myvhost.example.com
 
  RewriteEngine on
  RewriteRule ^(/.*)$  https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>


Option 2: Using Redirect

<VirtualHost *:80>
  ServerName myvhost.example.com
 
  Redirect / https://myvhost.example.com/
</VirtualHost>

  • Last modified: 2019/05/25 23:50