Differences

This shows you the differences between two versions of the page.

--- linux_wiki:configure_tls_security [2016/10/08 17:56]
billdozor
+++ linux_wiki:configure_tls_security [2019/05/25 23:50] (current)
@@ Line 12: / Line 12: @@
   * server1.example.com (192.168.1.150) -> Perform all connectivity tests from here
   * server2.example.com (192.168.1.151) -> Install Apache Web Server here
+**Previous Sections Completed**
+  * [[linux_wiki:network_services_overview_apache_web_server|Install/Configure]]
+    * Except leave listening on port 80/tcp
+  * [[linux_wiki:configure_a_virtual_host|Virtual Host Config]]
 ----
@@ Line 25: / Line 30: @@
 Create a key and certificate with openssl - check syntax
 <code bash>
-cat /etc/pki/tls/certs/make-dummy-cert
+cat /etc/pki/tls/certs/make-dummy-cert | grep answer
 </code>
   * This line contains the syntax you are looking for: answers | /usr/bin/openssl req -newkey rsa:2048 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 2> /dev/null
@@ Line 32: / Line 37: @@
 Create a key and certificate with openssl
 <code bash>
-openssl req -newkey rsa:2048 -keyout /etc/pki/tls/private/myvhost.example.com.key -nodes -x509 -days 365 -out /etc/pki/tls/certs/myvhost.example.com.crt
+openssl req -newkey rsa:2048 -keyout /etc/pki/tls/bluesite.key -nodes -x509 -days 365 -out /etc/pki/tls/bluesite.crt
 </code>
+\\
+Prompts from the openssl cert create
+<code bash>
+Country Name (2 letter code) [XX]:US
+State or Province Name (full name) []:Here
+Locality Name (eg, city) [Default City]:Right
+Organization Name (eg, company) [Default Company Ltd]:Ur Co
+Organizational Unit Name (eg, section) []:
+Common Name (eg, your name or your server's hostname) []:bluesite.example.com
+Email Address []:
+</code>
+  * For the purposes of the lab, the 'Common Name' (website name) is really the only important part.
 ----
@@ Line 39: / Line 57: @@
 ====== Configuring a Site with a TLS Certificate ======
-Edit virtual host file and add a tcp/443 listen entry
+Edit virtual host file and add a tcp/443 listen entry for bluesite
 <code bash>
-vim /etc/httpd/conf.d/myvhost.conf
+vim /etc/httpd/conf.d/vhosts.conf
 <VirtualHost *:443>
-  ServerAdmin admin@myvhost.example.com
+  ServerAdmin admin@bluesite.example.com
-  DocumentRoot /var/www/html/myvhost
+  DocumentRoot /var/www/html/bluesite
-  ServerName myvhost.example.com:443
+  ServerName bluesite.example.com
-  SSLCertificateFile /etc/pki/tls/certs/testsite.example.com.crt
+  SSLEngine On
-  SSLCertificateKeyFile /etc/pki/tls/certs/testsite.example.com.key
+  SSLCertificateFile /etc/pki/tls/bluesite.crt
+  SSLCertificateKeyFile /etc/pki/tls/bluesite.key
-  ErrorLog logs/myvhost-ssl-error_log
-  CustomLog logs/myvhost-ssl-access_log combined
+  ErrorLog logs/bluesite-ssl-error_log
+  CustomLog logs/blusite-ssl-access_log combined
 </VirtualHost>
 </code>
@@ Line 72: / Line 91: @@
 Visit the secure site
 <code bash>
-https://testsite.example.com
+https://bluesite.example.com
 </code>
@@ Line 81: / Line 100: @@
 Redirect http to https.
-Option 1: Using mod_rewrite
+\\
+Option 1: Using Redirect (**Apache documentation recommends this method**)
 <code bash>
 <VirtualHost *:80>
-  ServerName myvhost.example.com
+  ServerName bluesite.example.com
-  RewriteEngine on
+  Redirect / https://bluesite.example.com/
-  RewriteRule ^(/.*)$  https://%{HTTP_POST}$1 [redirect=301]
 </VirtualHost>
 </code>
 \\
-Option 2: Using Redirect
+Option 2: Using mod_rewrite
 <code bash>
 <VirtualHost *:80>
-  ServerName myvhost.example.com
+  ServerName bluesite.example.com
-  Redirect / https://myvhost.example.com/
+  RewriteEngine on
+  RewriteRule ^(/.*)$  https://%{HTTP_POST}$1 [redirect=301]
 </VirtualHost>
 </code>