Enabling HTTPS in Apache

To enable SSL encryption, we need to install OpenSSL and mod_ssl (the SSL module for Apache).

# yum install mod_ssl openssl

We generate our own self-signed certificate using OpenSSL in three steps:

  • Generate a 2048-bit RSA private key
  • Generate a certificate signing request (CSR)
  • Generate a self-signed certificate valid for 365 days

# openssl genrsa -out ca.key 2048
# openssl req -new -key ca.key -out ca.csr
# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Move the resulting files to the correct location

# mv ca.crt /etc/pki/tls/certs
# mv ca.key /etc/pki/tls/private/ca.key
# mv ca.csr /etc/pki/tls/private/ca.csr

Update the Apache SSL config file

# vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
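
Before restarting Apache, it is worth checking that the certificate and key configured above belong together, that the key file is readable by its owner only, and that the certificate has not expired. The script below is an added example, not part of the original page: its function names are hypothetical, and it runs on a constructed pair in a temporary directory, using the page's ServerName as the CN and adding -subj so that openssl req does not prompt.

```shell
#!/bin/sh
# Added example, not from the original page. Function names are hypothetical.

# Succeeds when the certificate's public key is the private key's public half.
pair_matches() {   # usage: pair_matches CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the key file grants nothing to group or others (e.g. mode 600).
key_private() {    # usage: key_private KEY
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Succeeds when the certificate is still valid SECONDS from now (default 0).
cert_valid_for() { # usage: cert_valid_for CERT [SECONDS]
    openssl x509 -in "$1" -noout -checkend "${2:-0}" >/dev/null 2>&1
}

# Builds a constructed pair with the page's three commands; -subj is added
# so that "openssl req" does not prompt for the subject fields.
make_pair() {      # usage: make_pair DIR
    openssl genrsa -out "$1/ca.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/ca.key" -subj "/CN=yoursite.com" \
        -out "$1/ca.csr" &&
    openssl x509 -req -days 365 -in "$1/ca.csr" -signkey "$1/ca.key" \
        -out "$1/ca.crt" 2>/dev/null
}

# Demo on a constructed pair in a temp dir; nothing under /etc is touched.
demo=$(mktemp -d) && make_pair "$demo" && chmod 600 "$demo/ca.key"
pair_matches "$demo/ca.crt" "$demo/ca.key" && echo "certificate matches key"
key_private "$demo/ca.key" && echo "key is readable by its owner only"
cert_valid_for "$demo/ca.crt" && echo "certificate is currently valid"
rm -rf "$demo"
```

On the server, the same three functions can be called with /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key as arguments.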

Then you need to restart Apache

# service httpd restart

Configuring virtual hosts

Virtual hosts for HTTPS on port 443 are configured the same way as virtual hosts for HTTP on port 80. A typical virtual host for port 80 looks like this:

<VirtualHost *:80>
        <Directory /var/www/vhosts/yoursite.com/httpdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
        ServerName yoursite.com
</VirtualHost>

To enable SSL, add the following at the top of your file:

NameVirtualHost *:443
<VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        <Directory /var/www/vhosts/yoursite.com/httpsdocs>
        AllowOverride All
        </Directory>
        DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
        ServerName yoursite.com
</VirtualHost>

And restart Apache

# service httpd restart

Configuring the firewall

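We need to open port 443 so that we can connect to the site via HTTPS. Note that iptables -A appends the rule to the end of the INPUT chain, so confirm in the iptables -L -v listing that it comes before any REJECT or DROP rule.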

# iptables -A INPUT -p tcp --dport 443 -j ACCEPT
# /sbin/service iptables save
# iptables -L -v