Http Configuration | How to Configure and Generate Self Sign Certificates | Generate SSL Certs

Http Configuration | How to Configure and Generate Self Sign Certificates | Generate SSL Certs


apache, apache config, apache configuration, apache config test, httpd apache, httpd conf, https apache, apache server, apache server in linux, apache web server, apache ssl configuration, apache ssl config,  apache ssl enable, apache ssl port, ssl certificate, generate ssl certificate, generate ssl certificate
https configuration
Tags:  apache, apache config, apache configuration, apache config test, httpd apache, httpd conf, https apache, apache server, apache server in linux, apache web server, apache ssl configuration, apache ssl config,  apache ssl enable, apache ssl port, ssl certificate, generate ssl certificate, generate ssl certificate








Question : how to configure HTTP in Linux centos 6 , rhel 6

Question : step by step HTTP configuration in Linux centos6 , rhel6

Question : step by step  http & https configuration in Linux cento6 , rhel6

Question : How to generate SSL Certs ?


IP - 10.20.2.33
Hostname - khandwa.lokesh.com
OS - CentOS 6
PORT HTTP - 80, HTTPs - 443

Apache is a free and opensource Web server. It s Supports all major distribution such as windows, Linux , Solaris and Mac operating system.

Some important directories are listed below

 /etc/httpd -  Main Apache root configuration directory.

/etc/httpd/conf.d - Additional Apache configuration files provided by third party software

/etc/httpd/conf/httpd.conf - httpd main configuration file.

/var/lib/httpd/modules - Configuration files for additional modules

/etc/log/httpd - Contains log files 

/var/www -  Main web document root directory.


To Install Require Package using  yum or rpm
yum install http*
To Restart httpd service & enable  to start for every boot.
 service httpd restart checkconfig httpd on

Verify service status
 service httpd status


Test Web Server in any Browser Using following Url  :

 http://your_IP_address. 
 or
 http://your _hostname.

apache, apache config, apache configuration, apache config test, httpd apache, httpd conf, https apache, apache server, apache server in linux, apache web server, apache ssl configuration, apache ssl config,  apache ssl enable, apache ssl port, ssl certificate, generate ssl certificate, generate ssl certificate

Create Virtual Hosts :
Configure / Run  several websites on the same server called a virtual hosting . Virtual hosts can be "IP-based", meaning that you have a different IP address for every web site, or "name-based", meaning that you have multiple names running on each IP address.

(*) you can set IP address of your server

NameVirtualHost *:80

Step 1: 

Create a directory for content of website,  we can choose any name and create directory :
mkdir /var/www/html/lokesh.com
Create a index file under  lokesh.com directory
vi /var/www/html/lokesh.com/index.html


Step 2

We will Create new virtual host configuration file under the additional configuration directory
 vi /etc/httpd/conf.d/lokesh.conf
Go to insert mode & type following lines

<VirtualHost 10.20.2.33:80> ServerAdmin [email protected] DocumentRoot /var/www/html/lokesh.com ServerName lokesh.com ErrorLog logs/lokesh.com-error_log CustomLog logs/lokesh.com-access_log common</VirtualHost>

apache, apache config, apache configuration, apache config test, httpd apache, httpd conf, https apache, apache server, apache server in linux, apache web server, apache ssl configuration, apache ssl config,  apache ssl enable, apache ssl port, ssl certificate, generate ssl certificate, generate ssl certificate

Step 3

To Check Syntax Error in Apache Configuration  
 service httpd configtest
Basic Configuration of HTTP is almost done now we will restart httpd service,
service httpd restart



HTTPs Configuration | Apache Security | HTTPs

Install Require Package Using yum
yum install opensslyum install mod_ssl Or mod_nss ( only one of them)
Setting Up an SSL Server:

A cryptographic protocol that allows a server and a client to communicate securely called Secure Sockets Layer (SSL). Along with its extended and improved version called Transport Layer Security (TLS), it ensures both privacy and data integrity. 
The Apache HTTP Server in combination with mod_ssl, a module that uses the OpenSSL toolkit to provide the SSL/TLS support, is commonly referred to as the SSL server. 

Enabling / Disabling SSL and TLS
vi /etc/httpd/conf.d/ssl.conf
Edit the SSLProtocol line as follows




To Restart httpd service 
service httpd restart
Test SSL / TLS Protocols
openssl s_client -connect localhost:443 -ssl3


Check https listen  port in : etc/httpd/conf.d/ssl.conf. it should always enable with 443 port

Listen: 443

Generating  SSL Certificate  

Method 1  

To install crypto utility 
yum install crypto-utils
To run the utility:
genkey <hostname>genkey khandwa.lokesh.com
Review the target locations in which the key and certificate will be stored



Select "Next"  Using the up and down arrow keys, 

Now select a suitable key size



Press "Next"

Generate CSR = Yes

encrypt the private key = check & hit enter

set private key passphrase = choose pass & next

Enter your certificate detail



Press "Next" & then "Finish"

Method 2

Generate a self-signed certificate :  Generate private key
openssl genrsa -out ca.key 2048
Here ca.key is a key name & 2048 is key size.

Generate CSR
openssl req -new -key ca.key -out ca.csr
Generate Self Signed Key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
apache, apache config, apache configuration, apache config test, httpd apache, httpd conf, https apache, apache server, apache server in linux, apache web server, apache ssl configuration, apache ssl config,  apache ssl enable, apache ssl port, ssl certificate, generate ssl certificate, generate ssl certificate

Copy  files to the correct locations

cp ca.crt /etc/pki/tls/certscp ca.key /etc/pki/tls/private/ca.keycp ca.csr /etc/pki/tls/private/ca.csr


Note - If you have moved the files and not copied them, you can use the following command to correct the SELinux contexts on those files, as the correct context definitions for /etc/pki/* come with the bundled SELinux policy.
restorecon -RvF /etc/pki
Add certs file in  Apache Configuration
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf


Now Create Virtual Hosts for  HTTPs with same process like http.
mkdir /var/www/html/khandwa.lokesh.com
vi /var/www/html/khandwa.lokesh.com/index.html
Configure VirtualHost 
vi /etc/httpd/conf.d/khandwa.lokesh.conf

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/html>
AllowOverride All
< /Directory>
DocumentRoot /var/www/html
ServerName khandwa.lokesh.com
ServerAdmin [email protected]
ErrorLog logs/khandwa.lokesh.com-error_log
CustomLog logs/khandwa.lokesh.com-access_log common
</VirtualHost>





Restart and enable httpd Service

Service httpd restart
Chkconfig httpd on
Access secure web server on blow link

https://khandwa.lokesh.com
Previous
Next Post »