Apache with SSL & http redirection to https on Centos 6.7

Apache with SSL & http redirection to https on Centos 6.7

The TLS (transport layer security) and its predecessor SSL( secure sockets layer)  are the secure protocols created in order to place normal traffic in a protected, encrypted wrapper.

These protocols allow traffic to be sent safely between remote parties with secure data transfer  where  data is being intercepted and read by someone else in the middle.


In this guide, will learn how to create a self-signed SSL certificate for Apache on an Ubuntu 14.04 server.  Which will allow you to encrypt traffic from your server to client. While this does not provide the benefit of third party validation of your server's identity, it only full fills the requirements of those simply wanting to transfer information securely to the client.

Prerequisites

1. Update the Linux system

# yum update

2. Install the packages using this command for ssl and htpps


# yum install httpd 

# yum install mod_ssl openssl


Activate the SSL Module 

3. Create a file using vi or your favourite  editor for creating SSL certificates for your server

# vi /usr/local/bin/apache_ssl

The contents of the files are given below
#!/bin/bash
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl

echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Apache SSL Certificate and Key!"
read cert

openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out $cert.key
chmod 600 $cert.key
openssl req -new -key $cert.key -out $cert.csr
openssl x509 -req -days 365 -in $cert.csr -signkey $cert.key -out $cert.crt

echo -e " The Certificate and Key for $cert has been generated!\nPlease link it to Apache SSL available website!"
ls -all /etc/httpd/ssl
exit 0

4. Change the permission of the file so that we can execute the as a command

# chmod +x /usr/local/bin/apache_ssl

Create a Self-Signed SSL Certificate

5. Run the apache_ssl file to generate the certificate files fo SSL using OpenSSL below is the sample screen where we needed to give input for some fields

# apache_ssl

mkdir: cannot create directory `/etc/httpd/ssl': File exists
Enter your virtual host FQDN:
This will generate the default name for Apache SSL Certificate and Key!
hanuman
.........................................................................................................................                             ...............................................+++
.........................................................................................................................                             ...................................................................+++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TELENGANA
Locality Name (eg, city) [Default City]:HYDERABAD
Organization Name (eg, company) [Default Company Ltd]:HANUMAN.COM
Organizational Unit Name (eg, section) []:HELPDESK
Common Name (eg, your name or your server's hostname) []:HELPDESK
Email Address []:XYZ@XYZ.COM

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Signature ok
subject=/C=IN/ST=TELENGANA/L=HYDERABAD/O=HANUMAN.COM/OU=HELPDESK/CN=HELPDESK/emailAddress=XYZ@XYZ.COM
Getting Private key
 The Certificate and Key for hanuman has been generated!
Please link it to Apache SSL available website!
total 32
drwxr-xr-x. 2 root root 4096 Dec 23 13:53. 
drwxr-xr-x. 5 root root 4096 Dec 17 16:28.. 
-rw-r--r--. 1 root root 1306 Dec 23 13:53 hanuman.crt
-rw-r--r--. 1 root root 1058 Dec 23 13:53 hanuman.csr
-rw-------. 1 root root 1708 Dec 23 13:52 hanuman.key


Configure Apache to Use SSL

6. We needed to edit the configuration file so that we can use SSL certificates which are generated just now

# vi /etc/httpd/conf/httpd.conf

Add the following to the file  in SSL section

SSLCertificateFile /etc/httpd/ssl/hanuman.crt
SSLCertificateKeyFile /etc/httpd/ssl/hanuman.key



To Redirect http to https 80 - 443

Add the following to the file in Virtual Host Section

<VirtualHost *:80>
    ServerName localhost servername ipaddress
    Redirect / https://ipaddress/
</VirtualHost>



# Service httpd restart

Check you website with http://your-ip-address it will redirect to https://your-ip-address


Keywords: Apache, HTTPS, Redirection, SSL, OpenSSL, Apache, Centos 6.7 

Comments

Post a Comment

Popular posts from this blog

Observium: Configuring Microsoft Windows 2008 Server SNMP Agent

Image
1 . Open Control Pannel. 2. Right click on “ Programs & Features ” and click on “ Turn Windows Features on or off" 3 . Expand “ SNMP Services ” and select “ SNMP Service ” click Next 4. Click Install 5. Close  Programs & Features ” 6. Open Ädministraive Tools and clicket Services 7. Expand Configuration and select Services,  Select SNMP Service , right click and select properties 8 . Select the “ Agent ” tab 9. Type the contact name responsible for this server or email address 10 . Type the location eg, Hyderabad,India. 11 . Tick the following  Physical Datalink and subnetwork  SNMP Trap Service - Agent 12 . Select the “ Traps ” tab 13 . Type in the community string you are using in your environment and select “ Add to list ” 14 . Click “ Add ” 15 . Type the IP of the Observium ServerSNMP Trap Service - Traps 16 . Select “ Security ” tab 17 . Ensure “ Send authentication trap ” is
Read more

AWS: Upgrade PV Drivers on Windows Instances

Image
Amazon Windows AMIs contain a set of drivers to permit access to Xen virtualized hardware. These drivers are used by Amazon EC2 to map instance store and Amazon EBS volumes to their devices. If your Windows instance is launched from a Windows Server 2012 R2 AMI, it uses AWS PV drivers. If your Windows instance uses RedHat drivers, you can upgrade to Citrix drivers. If you are already using Citrix drivers, you can upgrade the Citrix Xen guest agent service. To verify which driver your Windows instance uses , open  Network Connections  in Control Panel and view the  Local Area Connection . Check whether the driver is one of the following: AWS PV Network Device Citrix PV Ethernet Adapter RedHat PV NIC Driver Alternatively, you can check the output from the  pnputil -e  command. AWS PV Drivers Windows Server 2012 R2 AMIs include AWS PV drivers. The AWS PV drivers are stored in the %ProgramFiles%\Amazon\Xentools directory. This directory also contains public symbo
Read more

How to configure Incremental backups for MSSQL Database

Image
Incremental Database Backup : Create a folder for the backup in the Hardisk (Ex: C:\SQL_backup\Incrementail) 1. Open SQL Server Management Studio and connect using windows credentials. 2. Click Management   and select Maintenance Plans . 3. Right-Click on Maintenance Plans and select New Maintenance Plans, Give naming Convention as Incremental_DB_Backup . 4. In Left side of Server Management Studio there will be a Tool Box within Maintenance Plan Tasks   5. Drag and drop the Back Up Database Task and Maintenance Clean Task in the Incremental_DB_Backup   Design area.   6. Right Click on the Back Up Database Task and select Edit .   7. Select the Type of Backup you want to do as Differential 8. Select the Database In Database(s)   in these database list (Ex: TestDB.)   9. Select Create a Backup file for every database , select Create a sub-directory for each database 10. Give the path where we want to store the database backup as C:\SQL_backup\I
Read more