In this post we discuss encrypting communications to a web server using TLS/SSL.
Step 1: Install mod_ssl and httpd
# yum -y install mod_ssl httpd
Step 2: Configure the web server by editing "/etc/httpd/conf/httpd.conf", and create the web pages in the directories named in that configuration file.
Step 3: Edit the SSL configuration file
# vim /etc/httpd/conf.d/ssl.conf
Check line 88 and uncomment it if it is commented out:
SSLEngine on
We are using the default certificate and its key.
Line 105 points to the certificate file:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
Line 112 points to the certificate key file:
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
That is all the editing the SSL configuration file needs.
Step 4: Restart httpd service
# service httpd restart
Step 5: Check it out
Open Firefox and type the URL in the address bar:
http://server.example.com
An error message is now displayed saying that this page can only be viewed using the URL "https://server.example.com". Type that URL:
https://server.example.com
When Firefox presents a warning, click the "I Understand the Risks" link > click the "Add Exception..." button > click "View..." when it becomes active > click "Close" > click "Confirm Security Exception".
Above we used the default certificate/key pair. We can also use a custom self-signed certificate generated with crypto-utils.
Install crypto-utils
# yum -y install crypto-utils
Generate a self-signed certificate/key pair using the "genkey" tool
You must be root to generate a key.
First, use the "cd" command to change to the "/etc/httpd/conf/" directory. Remove the fake key and certificate that were generated during the installation with the following commands:
# rm ssl.key/server.key
# rm ssl.crt/server.crt
# genkey www.example.com
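Click next >>
Click next >>
Once the key has been generated, you will be prompted to send a Certificate Request (CSR) to a Certificate Authority (CA).
Click no >>
Click next >>
If you choose to encrypt the private key, you must set a pass phrase to decrypt it. With "encrypt the private key" selected, you will be asked for the pass phrase every time the httpd service is restarted.
Enter the pass phrase and click next >>
Click close.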
Now configure the server to use the new certificate and key.
Check whether you have the new certificate and key.
# ls /etc/pki/tls/certs/
ca-bundle.crt ca-bundle.trust.crt localhost.crt make-dummy-cert Makefile server.csr server.crt www.example.com.crt
# ls /etc/pki/tls/private/
server.key www.example.com.key
Edit "/etc/httpd/conf.d/ssl.conf". Change the SSLCertificateFile and SSLCertificateKeyFile lines to:
SSLCertificateFile /etc/pki/tls/certs/www.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.example.com.key
Now restart the httpd service
# service httpd restart
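A check to run on the edited ssl.conf, ideally before the restart, as an added example that is not part of the original post: it reads the active SSLEngine, SSLCertificateFile and SSLCertificateKeyFile directives, flags the default localhost pair, and confirms the private key carries no group or other permissions. The function names, the temporary directory and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit the TLS directives of an
# ssl.conf-style file before restarting httpd.

# Print the argument of the last uncommented occurrence of directive $2 in file $1.
# Apache directive names are case-insensitive; surrounding quotes are stripped.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { v = $2 }
        END { gsub(/"/, "", v); if (v != "") print v }' "$1"
}

# Print one line per finding for config file $1; return the number of findings.
audit_ssl_conf() {
    findings=0
    report() { echo "FINDING: $*"; findings=$((findings + 1)); }
    engine=$(directive_value "$1" SSLEngine | tr 'A-Z' 'a-z')
    cert=$(directive_value "$1" SSLCertificateFile)
    key=$(directive_value "$1" SSLCertificateKeyFile)
    [ "$engine" = on ] || report "SSLEngine is not on"
    case $cert in ''|*/localhost.crt) report "default or missing certificate";; esac
    case $key in ''|*/localhost.key) report "default or missing key";; esac
    # Heuristic (assumption): genkey names the pair <host>.crt and <host>.key.
    [ "$(basename "$cert" .crt)" = "$(basename "$key" .key)" ] ||
        report "certificate and key base names differ"
    # The private key must carry no group or other permission bits.
    if [ -f "$key" ] && [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
        report "private key accessible beyond its owner: $key"
    fi
    return "$findings"
}

# Constructed sample: a temp directory stands in for /etc/pki/tls and conf.d,
# and an empty file stands in for the private key.
demo=$(mktemp -d)
: > "$demo/www.example.com.key"
chmod 644 "$demo/www.example.com.key"
printf '%s\n' '#SSLEngine off' 'SSLEngine on' \
    "SSLCertificateFile $demo/www.example.com.crt" \
    "SSLCertificateKeyFile $demo/www.example.com.key" > "$demo/ssl.conf"
audit_ssl_conf "$demo/ssl.conf" || echo "findings: $?"
chmod 600 "$demo/www.example.com.key"
audit_ssl_conf "$demo/ssl.conf" && echo "no findings"
```

On a real server, point audit_ssl_conf at /etc/httpd/conf.d/ssl.conf and run it as root so the key file's mode can be read.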