Securing Apache web server with SSL Certificate
When accessing a website, the user sends a request to the server, and the server then responds with the requested data. During this process the data passes from one computer to another until it reaches its destination, and it can be intercepted in transit, leading to loss of sensitive personal information such as usernames, passwords or credit card details. To avoid this, websites encrypt data in transit, so even if the data is intercepted it is useless to anyone else because it is encrypted.
Data encryption might not seem necessary when reading articles on unixadminschool.com, but it's absolutely important when shopping online or accessing your bank online. To encrypt traffic, websites use an SSL certificate.
SSL Certificate
An SSL (short for Secure Sockets Layer) certificate is a digital certificate that authenticates the identity of a website & encrypts traffic between source and destination. SSL certificates for websites on the internet are issued by global Certificate Authorities, but for the purpose of this tutorial we will learn to create a self-signed certificate. Self-signed certificates are used for local testing or development purposes & are signed locally rather than by a global authority, making them useful for local environments only.
Prerequisites
1- The first thing we will need is a configured Apache web server,
2- and we will also need the mod_ssl module for Apache to implement the SSL settings & OpenSSL to create an SSL certificate. Install the packages by running
# yum install mod_ssl openssl
Creating the certificate
Firstly we will create a directory to put the ssl certificates,
# mkdir /etc/httpd/ssl
# cd /etc/httpd/ssl
Now, create a self-signed key and certificate pair with OpenSSL by running the following command
# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
here, openssl is the command for creating and managing SSL keys and certificates,
req -x509 tells it to output a self-signed X.509 certificate instead of a certificate signing request,
-nodes means the private key is not protected with a passphrase,
-days 365 is the validity of the certificate in days,
-newkey rsa:2048 generates a new RSA private key that is 2048 bits long,
-keyout is where to place the private key,
-out is where to place our certificate.
Once the command has been executed, we will be asked to provide some details,
Output
Country Name (2 letter code) : IN
State or Province Name : Delhi
Locality Name : New Delhi
Organization Name : UnixAdminSchool
Organizational Unit Name : IT
Common Name : unixadminschool.com (IP address can also be used)
Email Address : admin@unixadminschool.com
The SSL certificate will be generated after entering the required information. We will now configure the Apache server to accept the SSL certificate.
Adding Certificate to Web Server
For apache server to accept the ssl certificate, we need to make changes to ‘/etc/httpd/conf.d/ssl.conf’
$ vi /etc/httpd/conf.d/ssl.conf
then search for the line with ‘VirtualHost _default_:443’ & change the server name to the one you used as the common name on your SSL certificate (example.com), so it looks like
<VirtualHost _default_:443>
. . .
DocumentRoot "/var/www/html"
ServerName www.example.com:443
Next we will add the path to our certificate & Private Key,
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key
Next save the file & restart your apache service
$ systemctl restart httpd
The last thing that remains is to test whether the SSL certificate is working: open a web browser & try accessing the website, prefixing the address with https rather than http. Because the certificate is self-signed, the browser will warn that it is not trusted.
https://www.example.com
That’s it guys, we have successfully created a self-signed certificate for our website.
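When httpd refuses to start after this change, or the browser reports a name mismatch, the usual causes are a key that does not belong to the certificate, a ServerName that differs from the Common Name, an expired certificate, or a key file readable by other users. The following script is an added example, not part of the original tutorial; the function name check_pair and the 30-day expiry threshold are assumptions made for illustration.

```shell
# Added example, not from the original tutorial: consistency checks for the
# self-signed pair. check_pair CERT KEY HOSTNAME returns 0 only if all pass.
check_pair() {
    cert=$1; key=$2; host=$3; rc=0

    # 1. The certificate must carry the public half of this private key,
    #    otherwise SSLCertificateFile and SSLCertificateKeyFile do not pair up.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key is not the private key for $cert"; rc=1
    fi

    # 2. The name used as ServerName must match the certificate's name.
    if ! openssl x509 -in "$cert" -noout -checkhost "$host" 2>/dev/null |
            grep -q "does match certificate"; then
        echo "FAIL: certificate does not cover $host"; rc=1
    fi

    # 3. -days 365 means the certificate lapses after a year.
    #    Flag it 30 days (2592000 seconds) ahead; the threshold is an assumption.
    if ! openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "FAIL: certificate is expired or expires within 30 days"; rc=1
    fi

    # 4. -nodes leaves the key unencrypted on disk, so the file mode is its
    #    only protection. Characters 5-10 of the ls mode string are the
    #    group and other permission bits; all must be unset.
    mode=$(ls -ld "$key" 2>/dev/null | cut -c5-10)
    if [ "$mode" != "------" ]; then
        echo "FAIL: $key is accessible to group/other (use chmod 600)"; rc=1
    fi

    [ "$rc" -eq 0 ] && echo "OK: $cert and $key are consistent for $host"
    return "$rc"
}

# When invoked with three arguments (CERT KEY HOSTNAME), run the checks.
if [ "$#" -eq 3 ]; then
    check_pair "$1" "$2" "$3"
fi
```

For the files created in this tutorial the arguments would be /etc/httpd/ssl/apache.crt, /etc/httpd/ssl/apache.key and the name set as ServerName.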