Here's a quick way to run an SSL Secured Webserver. Ideally, a trusted Certificate Authority should be used, but as a proof of concept, we'll be generating our own self-signed certificate.
This assumes a fully functional Apache Webserver running on CentOS Linux.
0. Login as root/sudo into the terminal
1. Install prerequisites
yum install mod_ssl openssl
2. Generate Certificate / Private Key
(or use instructions from trusted CA with a purchased certificate)
openssl genrsa -out ca.key 1024
3. Generate Certificate Signing Request (CSR)
openssl req -new -key ca.key -out ca.csr
4. Generate Self Signed Key
openssl -x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
5. Copy files to appropriate locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
6. For SELinux
restorecon -Rvf /etc/pki
7. Update the Apache SSL config file
vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Edit the two entries in the file
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
8. Restart Apache
service httpd restart
9. Configure the firewall to accept incoming SSL requests
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
service iptables save
iptables -L –v
10. Test
From a web browser hit https://servername.com and the page should be displayed.
Finito!
Now get some coffee.:)
-noveck
