HTTP and HTTPS with Apache server
Apache is the most widely used web server. To serve HTTPS we first need to check whether Apache's mod_ssl (Secure Sockets Layer) module is installed and loaded. mod_ssl may be built as a static or a dynamic module. Static means SSL support is part of the Apache binary; with dynamic loading, Apache loads the .so (shared object) file at run time.
- How to check whether mod_ssl is loaded (httpd -l lists only compiled-in modules; a dynamically loaded mod_ssl appears as a LoadModule line in the configuration instead)
[root@indiangnu.org ~]# /usr/local/apache/bin/httpd -l
Compiled-in modules:
http_core.c
mod_env.c
mod_log_config.c
mod_mime.c
mod_negotiation.c
mod_status.c
mod_include.c
mod_autoindex.c
mod_dir.c
mod_cgi.c
mod_asis.c
mod_imap.c
mod_actions.c
mod_userdir.c
mod_alias.c
mod_access.c
mod_auth.c
mod_so.c
mod_setenvif.c
mod_ssl.c
mod_frontpage.c
suexec: enabled; valid wrapper /usr/local/apache/bin/suexec
[root@indiangnu.org ~]# httpd -l
- Apache configuration file
#set port 80 for HTTP and 443 for HTTPS
<IfDefine SSL>
Listen 80
Listen 443
</IfDefine>
# Settings for virtual hosting
NameVirtualHost 192.168.1.100:80
NameVirtualHost 192.168.1.100:443
#virtual hosting for HTTP
<VirtualHost 192.168.1.100:80>
ServerName nishit.indiangnu.org
ServerAlias www.nishit.indiangnu.org
DocumentRoot /home/nishit/public_html
#BytesLog /usr/local/apache/domlogs/nishit.indiangnu.org-bytes_log
CustomLog /usr/local/apache/domlogs/nishit.indiangnu.org combined
ScriptAlias /cgi-bin/ /home/nishit/public_html/cgi-bin/
</VirtualHost>
# virtual hosting for HTTPS
<VirtualHost 192.168.1.100:443>
SSLEngine On
SSLCertificateFile /usr/local/apache/conf/ssl.crt/indiangnu.org.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/indiangnu.org.key
ServerName nishit.indiangnu.org
ServerAlias www.nishit.indiangnu.org
ServerAdmin webmaster@nishit.indiangnu.org
DocumentRoot /home/nishit/public_html
</VirtualHost>
#done
# Now restart apache server and check on which port apache is listening
[root@indiangnu.org ~]# netstat -nlp | grep :80
tcp 0 0 0.0.0.0:80 0.0.0.0:* LISTEN 14037/httpd
[root@indiangnu.org ~]# netstat -nlp | grep :443
tcp 0 0 0.0.0.0:443 0.0.0.0:* LISTEN 14037/httpd
[root@indiangnu.org~]#
#Then restart apache and browse the sites
- How to generate SSL Certificate
1)
[root@indiangnu.org~]# openssl genrsa -out /etc/ssl/certs/indiangnu.org.key 1024
Generating RSA private key, 1024 bit long modulus
…………..++++++
……………………………………………………..++++++
e is 65537 (0x10001)
2)
[root@indiangnu.org~]# openssl rsa -in /etc/ssl/certs/indiangnu.org.key -out /etc/ssl/certs/indiangnu.org.pem
writing RSA key
[root@indiangnu.org~]# ls
indiangnu.org.key
[root@indiangnu.org~]# cat indiangnu.org.key
-----BEGIN RSA PRIVATE KEY-----
[key body omitted]
-----END RSA PRIVATE KEY-----
3)
[root@indiangnu.org~]# openssl req -new -key /etc/ssl/certs/indiangnu.org.key -out /etc/ssl/certs/indiangnu.org.crt
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:MH
Locality Name (eg, city) [Newbury]:Mumbai
Organization Name (eg, company) [My Company Ltd]:IndianGNU.org
Organizational Unit Name (eg, section) []:System
Common Name (eg, your name or your server's hostname) []:nishit.indiangnu.org
Email Address []:to@nishit.indiangnu.org
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@indiangnu.org~]#
4) If you want to force an SSL connection and redirect all traffic arriving on port 80 to port 443 (HTTPS), use this instead:
RewriteEngine on
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
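Two things in steps 1 to 3 are worth checking before Apache is restarted: `openssl req -new` without `-x509` writes a certificate signing request rather than a certificate, whatever the output file is named, and a 1024-bit RSA key is below the 2048-bit minimum that public CAs require. The script below is an added example, not part of the original post; the function names, the temporary file names, the self-signed `-x509` alternative and the 2048-bit threshold are assumptions made for the demonstration.

```shell
#!/usr/bin/env bash
# Added example (not from the original post): pre-flight check for the files an
# HTTPS vhost names in SSLCertificateFile / SSLCertificateKeyFile.

pem_kind() {   # what the PEM armor line says the file really is
    case "$(grep -m1 -e '^-----BEGIN ' "$1" 2>/dev/null)" in
        *'CERTIFICATE REQUEST'*) echo csr ;;
        *'CERTIFICATE'*)         echo certificate ;;
        *'PRIVATE KEY'*)         echo private-key ;;
        *)                       echo unknown ;;
    esac
}

key_bits() {   # RSA modulus length in bits (hex digits x 4)
    m=$(openssl rsa -in "$1" -noout -modulus 2>/dev/null) || return 1
    m=${m#Modulus=}
    echo $(( ${#m} * 4 ))
}

pair_matches() {   # certificate and key must carry the same modulus
    c=$(openssl x509 -in "$1" -noout -modulus 2>/dev/null) || return 1
    k=$(openssl rsa  -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

preflight() {   # preflight CERT KEY: returns 0 only if every check passes
    cert=$1; key=$2; rc=0
    kind=$(pem_kind "$cert")
    [ "$kind" = certificate ] || { echo "FAIL: $cert is '$kind', not a certificate"; rc=1; }
    bits=$(key_bits "$key") || bits=0
    [ "$bits" -ge 2048 ] || { echo "FAIL: $key is ${bits}-bit RSA, assumed minimum is 2048"; rc=1; }
    [ "$kind" != certificate ] || pair_matches "$cert" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    return $rc
}

make_demo() {   # constructed sample files in DIR; nothing under /etc/ssl is touched
    d=$1; subj=/CN=nishit.indiangnu.org
    # The post's sequence: 1024-bit key, then "req -new" saved under a .crt name
    openssl genrsa -out "$d/page.key" 1024 2>/dev/null
    openssl req -new -key "$d/page.key" -subj "$subj" -out "$d/page.crt"
    # Assumed alternative: 2048-bit key and a self-signed certificate via -x509
    openssl genrsa -out "$d/fixed.key" 2048 2>/dev/null
    openssl req -new -x509 -days 365 -key "$d/fixed.key" -subj "$subj" -out "$d/fixed.crt"
}

tmp=$(mktemp -d) && make_demo "$tmp"
preflight "$tmp/page.crt"  "$tmp/page.key"  || echo "post's files: rejected"
preflight "$tmp/fixed.crt" "$tmp/fixed.key" && echo "fixed files: ok"
rm -rf "$tmp"
```

On a real server, `preflight` would be given the two paths from the HTTPS virtual host's SSLCertificateFile and SSLCertificateKeyFile lines before the restart.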
Thank you,
Arun