How To Install and Configure Apache SSL on CentOS 7
0 likes9,063 views
This document provides instructions on how to install and configure Apache SSL on CentOS 7. It includes steps to install the httpd package and enable the service, create a self-signed SSL certificate, configure the SSL settings in the Apache configuration file including the certificate and key files, open firewall ports, and validate the SSL configuration. The goal is to securely serve HTTPS traffic from the Apache web server using the newly created SSL certificate.
How To Install and Configure Apache SSL on CentOS 7
- 1. How To Install and Configure Apache SSL on CentOS 7 i | P a g e Table of Contents Overview.......................................................................................................................................................1 Applies To......................................................................................................................................................1 Pre-Requisites ...............................................................................................................................................1 HTTPD – Package Install............................................................................................................................1 HTTPD – Service Enable ............................................................................................................................1 HTTPD – Service Status .............................................................................................................................2 Start Service ..............................................................................................................................................2 Configure Firewall.....................................................................................................................................2 Launch Website.........................................................................................................................................3 Install and Configure SSL for Apache ............................................................................................................3 Install Mod_SSL.........................................................................................................................................3 Create Certificate (CSR).............................................................................................................................3 Certificate Request................................................................................................................................4 Configure Apache SSL ...................................................................................................................................5 Generate Private Key and Certificate Files ...............................................................................................5 Validate Private Key and Certificate Files .................................................................................................6 Edit SSL Configuration...............................................................................................................................6 Set DocumentRoot....................................................................................................................................6 Set ServerName ........................................................................................................................................6 Set SSLCertificateFile.................................................................................................................................7 Set SSLCertificateKeyFile...........................................................................................................................7 Validate SSL Configuration........................................................................................................................7
- 2. How To Install and Configure Apache SSL on CentOS 7 ii | P a g e Configure Firewall.........................................................................................................................................8 Start Service – HTTPD ...................................................................................................................................8 HTTPD Service Management ....................................................................................................................8 Launch SSL Website ..................................................................................................................................9 General Troubleshooting............................................................................................................................10 Configuration Test...................................................................................................................................10 Testing httpd Configuration – Syntax .................................................................................................10 Testing httpd Configuration – Debug Mode.......................................................................................10 Verify Logs...............................................................................................................................................10
- 3. How To Install and Configure Apache SSL on CentOS 7 1 | P a g e Overview This purpose of this document is to install and configure Apache2 and configure SSL Certificate on CentOS 7 or RHEL 7. Applies To RHEL 7, CentOS 7 Pre-Requisites mod_ssl, install when you want to configure SSL HTTPD – Package Install Download and install Package httpd package on the server, install run the command; yum install -y httpd HTTPD – Service Enable Next step is to enable httpd service to automatically start service at OS boot time. systemctl enable httpd.service
- 4. How To Install and Configure Apache SSL on CentOS 7 2 | P a g e HTTPD – Service Status Next step is to check the status of httpd service, to know the status of service, run the command; systemctl status httpd.service Start Service Next step is to start httpd service, to start run the command; systemctl start httpd.service Configure Firewall Next step is to configure firewall, if the firewall is started. HTTPD service daemon runs on port default port 80, which is not opened as a standard, in order open the port run the command and reload firewall. firewall-cmd --permanent --zone=public --add-service=http firewall-cmd --reload
- 5. How To Install and Configure Apache SSL on CentOS 7 3 | P a g e Launch Website After configuring the firewall, launch the website from the browser. Install and Configure SSL for Apache In order to configure apache (httpd) webserver with SSL Certificate; you have to install package and configure it accordingly. In this guide we will install self-sign SSL Certificate. Install Mod_SSL Next step is to configure SSL Certificate on the server. To install the mod_ssl package, run the command; yum install mod_ssl -y Create Certificate (CSR) Before you create the certificate, SSL store folder has to be created, as shown below.
- 6. How To Install and Configure Apache SSL on CentOS 7 4 | P a g e Certificate Request After mod_ssl package installation, you need to generate a new certificate file for the webserver. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/vcptest-apache.key -out /etc/httpd/ssl/vcptest-apache.crt Attribute Purpose req Certificate Request -x509 PKCS#10 X.509 Certificate Signing Request (CSR) Management -nodes This tells OpenSSL to skip the option to secure our certificate with a passphrase. -days Certificate validity in days -newkey If we want to generate a new certificate and a new key at the same time. -keyout Where to store the generated private key file that would be created. -out Where to store the generated Certificate file that would be created. Note: We need Apache (httpd daemon) to be able to read the file, without user intervention, when the server starts up. If passphrase is set, it would prevent this from happening, since we would have to enter passphrase for every httpd daemon restart.
- 7. How To Install and Configure Apache SSL on CentOS 7 5 | P a g e Organization Information When you request for a new certificate below information has to be included, below is an example. Option Purpose Example Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL https://vcptest.effonetech.com, then your CSR’s common name must be vcptest.effonetech.com. Organization Name Do not abbreviate your organization name. (Legal Name) effonetech.com Organizational Unit Section of the organization IT City or Locality City where organization is legally located Bengaluru State or Province The state or province where organization is legally located. Abbreviation should not be used. Karnataka Country The two-letter abbreviation of country IN Configure Apache SSL Generate Private Key and Certificate Files To generate the new private key and certificate run the command; openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/vcptest-apache.key -out /etc/httpd/ssl/vcptest-apache.crt Out Filename Purpose vcptest-apache.key Private Key File (-keyout) vcptest-apache.crt Certificate File (-out)
- 8. How To Install and Configure Apache SSL on CentOS 7 6 | P a g e Validate Private Key and Certificate Files To ensure the private key and the certificate is generated in the designate directory list and check files. Edit SSL Configuration After the Certificate and private key file are generated, next step is to edit the SSL configuration file of the webserver; ls /etc/httpd/conf.d/ssl.conf vi /etc/httpd/conf.d/ssl.conf Set DocumentRoot Find and set the DocumentRoot attribute value to “/var/www/html” folder, which is also the default. Set ServerName Find and set the ServerName attribute value to “<DomainName>:443”, typically webserver’s FQDN and bind port is default 443.
- 9. How To Install and Configure Apache SSL on CentOS 7 7 | P a g e Set SSLCertificateFile Find and set the SSLCertificateFile attribute value to “/etc/httpd/ssl/vcptest-apache.crt”. Set SSLCertificateKeyFile Find and set the SSLCertificateKeyFile attribute value to “/etc/httpd/ssl/vcptest-apache.key”. Validate SSL Configuration After making the necessary changes to the SSL configuration file, validate them by running the command; cat /etc/httpd/conf.d/ssl.conf | grep ^DocumentRoot cat /etc/httpd/conf.d/ssl.conf | grep ^ServerName cat /etc/httpd/conf.d/ssl.conf | grep ^SSLCertificateFile cat /etc/httpd/conf.d/ssl.conf | grep ^SSLCertificateKeyFile
- 10. How To Install and Configure Apache SSL on CentOS 7 8 | P a g e Configure Firewall Once the configuration of httpd service is completed, next step is to configure firewall, wherein we will open https service port and reload the firewall rules. After configuring the firewall, when the firewall rules are listed “https” service should be listed as shown below. firewall-cmd --permanent --zone=public --add-service=https firewall-cmd --reload firewall-cmd --list-service Start Service – HTTPD After configuring the firewall and reloading it, next step is to restart the service. To restart the run the command; Other service httpd service management commands are also listed below. systemctl restart httpd or systemctl stop httpd; systemctl start httpd HTTPD Service Management Service Control Task Purpose systemctl status httpd Display the current status of httpd service systemctl start httpd Start httpd service systemctl stop httpd Stop httpd service systemctl disable httpd Disable httpd service in multi-user target systemctl enable httpd Enable httpd service in multi-user target systemctl restart httpd Restart httpd service
- 11. How To Install and Configure Apache SSL on CentOS 7 9 | P a g e Launch SSL Website After reloading the firewall and restarting the service and service status is shown as “Running”; Launch the webserver in browser.
- 12. How To Install and Configure Apache SSL on CentOS 7 10 | P a g e General Troubleshooting Configuration Test One more the first and foremost troubleshooting method for httpd webserver is to check the configuration file, which can be done with “apachectl -t” command. Testing httpd Configuration – Syntax To validate configuration for syntax errors run the command; apachectl -t Testing httpd Configuration – Debug Mode To validate configuration for syntax errors in debug mode run the command, you change the debug level according to table mentioned below. apachectl -t -e <Debug Log Level> Test apache configuration and enable debug mode with “Info” Debug Log Level Purpose debug Run test in debug mode and show all the messages related to the httpd service warn Run test and show only warning messages related to the httpd service crit Run test and show critical messages related to the httpd service error Run test and show error messages related to the httpd service info Run test and show informative messages related to the httpd service Verify Logs Second troubleshooting method is checking the different log files, that are located in the folder “/var/log/httpd/”. Log File Name Purpose access_log All access related logs are stored into this file error_log All errors related logs are stored into this file ssl_access_log All SSL Access related logs are stored into this file ssl_error_log All SSL access related error logs are stored into this file ssl_request_log All SSL access related each request log are stored into this file