TLS (Transport Layer Security) and its predecessor SSL (Secure Sockets Layer) are protocols created to place normal traffic in a protected, encrypted wrapper. These protocols allow traffic to be sent safely between remote parties, so that data cannot be intercepted and read by someone in the middle.
In this guide, you will learn how to create a self-signed SSL certificate for Apache on an Ubuntu 14.04 server, which will allow you to encrypt traffic from your server to the client. While this does not provide the benefit of third-party validation of your server's identity, it fulfills the requirements of those simply wanting to transfer information securely to the client.
Prerequisites
1. Update the Linux system
# yum update
2. Install the packages for SSL and HTTPS using these commands
# yum install httpd
# yum install mod_ssl openssl
Activate the SSL Module
3. Create a file, using vi or your favourite editor, that will create the SSL certificates for your server
# vi /usr/local/bin/apache_ssl
The contents of the file are given below
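#!/bin/bash
# Generate a private key, CSR and self-signed certificate for an Apache virtual host
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl || exit 1
echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Apache SSL Certificate and Key!"
read -r cert
# 2048-bit RSA private key, readable by root only
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key"
chmod 600 "$cert.key"
# Certificate signing request (prompts for the Distinguished Name fields)
openssl req -new -key "$cert.key" -out "$cert.csr"
# Sign the request with its own key: a self-signed certificate valid for 365 days
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"
echo -e " The Certificate and Key for $cert has been generated!\nPlease link it to Apache SSL available website!"
ls -all /etc/httpd/ssl
exit 0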
4. Change the permissions of the file so that we can execute it as a command
# chmod +x /usr/local/bin/apache_ssl
Create a Self-Signed SSL Certificate
5. Run the apache_ssl file to generate the certificate files for SSL using OpenSSL. Below is a sample session showing the fields that need input
# apache_ssl
mkdir: cannot create directory `/etc/httpd/ssl': File exists
Enter your virtual host FQDN:
This will generate the default name for Apache SSL Certificate and Key!
hanuman
.........................................................................................................................
...............................................+++
.........................................................................................................................
...................................................................+++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TELENGANA
Locality Name (eg, city) [Default City]:HYDERABAD
Organization Name (eg, company) [Default Company Ltd]:HANUMAN.COM
Organizational Unit Name (eg, section) []:HELPDESK
Common Name (eg, your name or your server's hostname) []:HELPDESK
Email Address []:XYZ@XYZ.COM
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Signature ok
subject=/C=IN/ST=TELENGANA/L=HYDERABAD/O=HANUMAN.COM/OU=HELPDESK/CN=HELPDESK/emailAddress=XYZ@XYZ.COM
Getting Private key
The Certificate and Key for hanuman has been generated!
Please link it to Apache SSL available website!
total 32
drwxr-xr-x. 2 root root 4096 Dec 23 13:53 .
drwxr-xr-x. 5 root root 4096 Dec 17 16:28 ..
-rw-r--r--. 1 root root 1306 Dec 23 13:53 hanuman.crt
-rw-r--r--. 1 root root 1058 Dec 23 13:53 hanuman.csr
-rw-------. 1 root root 1708 Dec 23 13:52 hanuman.key
Configure Apache to Use SSL
6. Edit the configuration file so that Apache uses the SSL certificate files that were just generated
# vi /etc/httpd/conf/httpd.conf
Add the following to the file in the SSL section
SSLCertificateFile /etc/httpd/ssl/hanuman.crt
SSLCertificateKeyFile /etc/httpd/ssl/hanuman.key
To redirect HTTP (port 80) to HTTPS (port 443), add the following to the file in the virtual host section
<VirtualHost *:80>
# ServerName takes a single value: localhost, your server name or your IP address
ServerName servername
Redirect / https://ipaddress/
</VirtualHost>
# service httpd restart
Check your website at http://your-ip-address; it will redirect to https://your-ip-address
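A non-interactive form of the three openssl commands from step 3, with checks to run on the key and certificate before restarting Apache. This is an added example, not part of the original post; the function names, return codes and the host name www.example.test are assumptions made for illustration.

```bash
#!/bin/bash
# Added example: the page's three openssl commands without prompts, plus
# checks on the result. "www.example.test" is a constructed host name.

make_selfsigned() {   # usage: make_selfsigned DIR FQDN
    local dir=$1 name=$2
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$dir/$name.key" 2>/dev/null || return 1
    chmod 600 "$dir/$name.key"
    # -subj replaces the interactive DN prompts; CN is set to the FQDN
    openssl req -new -key "$dir/$name.key" -subj "/CN=$name" \
        -out "$dir/$name.csr" || return 1
    openssl x509 -req -days 365 -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -out "$dir/$name.crt" 2>/dev/null
}

check_pair() {        # usage: check_pair KEY CRT [MIN_DAYS_LEFT]
    local key=$1 crt=$2 days=${3:-30} key_pub crt_pub
    # Characters 5-10 of the ls mode string are the group/other bits
    if [ "$(ls -ld "$key" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $key is accessible to group or other"; return 1
    fi
    # The public key derived from the private key must equal the one in the cert
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) || return 2
    if [ "$key_pub" != "$crt_pub" ]; then
        echo "FAIL: $key does not match $crt"; return 2
    fi
    # -checkend exits non-zero if the certificate expires within N seconds
    if ! openssl x509 -in "$crt" -noout -checkend $((days * 86400)) >/dev/null; then
        echo "FAIL: $crt expires within $days days"; return 3
    fi
    echo "OK: $crt"
}

# Demo in a throwaway directory so /etc/httpd/ssl is not touched
demo=$(mktemp -d)
make_selfsigned "$demo" www.example.test &&
    check_pair "$demo/www.example.test.key" "$demo/www.example.test.crt"
rm -rf "$demo"
```

On the server itself, run check_pair against /etc/httpd/ssl/hanuman.key and /etc/httpd/ssl/hanuman.crt after step 5.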
Keywords: Apache, HTTPS, Redirection, SSL, OpenSSL, CentOS 6.7