First, install httpd with mod_ssl.
Server > yum install -y httpd mod_ssl
Next, you need a certificate. If you do not have one, you can create your own.
Server > genkey (FQDN)
FQDN is your domain name.
This will create 3 items:
1- <FQDN>.key : this is your private key. Permission is 0600 or 0400, SELinux type cert_t.
2- <FQDN>.0.csr : this is the certificate signing request, the file to send to your CA if you need the certificate signed.
3- <FQDN>.crt : this is the certificate (public key). Permission 0644, SELinux type cert_t.
Now put your certificate (public key) into /etc/pki/tls/certs.
Apply the correct permission, 0644.
Server > chmod 0644 /etc/pki/tls/certs/mycert.crt
Now put your private key into /etc/pki/tls/private.
Apply the permission 0600.
Server > chmod 0600 /etc/pki/tls/private/mycert.key
Now edit your httpd config file.
Server > vi /etc/httpd/conf.d/www.conf
Below is an example:
<VirtualHost *:443>
    ServerName www.example.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/mycert.crt
    SSLCertificateKeyFile /etc/pki/tls/private/mycert.key
    SSLCertificateChainFile /etc/pki/tls/certs/example-ca.crt
    DocumentRoot /srv/www
</VirtualHost>
<Directory /srv/www>
    Require all granted
</Directory>
To redirect automatically from HTTP to HTTPS, you can use the configuration below:
<VirtualHost *:80>
    ServerName www.example.com
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
For the SSL settings, you can use the existing example in /etc/httpd/conf.d/ssl.conf.
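To verify the key and certificate placed under /etc/pki/tls in the steps above, the following added example (not part of the original post) checks the file modes, the SELinux type and that the private key actually belongs to the certificate. The function names are hypothetical; it assumes GNU stat and the openssl command are available.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): audit a deployed key/cert pair.
# Function names are hypothetical; modes and cert_t come from the steps above.

check_mode() {            # check_mode FILE MODE... : FILE's mode must be one of MODE
    local file=$1 mode ok
    shift
    [ -f "$file" ] || { echo "MISSING $file"; return 2; }
    mode=$(stat -c '%a' "$file") || return 2      # GNU stat, prints e.g. "600"
    for ok in "$@"; do
        if [ "$mode" = "$ok" ]; then echo "OK   $file mode $mode"; return 0; fi
    done
    echo "BAD  $file mode $mode (expected: $*)"
    return 1
}

check_selinux_type() {    # check_selinux_type FILE TYPE : skipped when SELinux is off
    if ! command -v selinuxenabled >/dev/null 2>&1 || ! selinuxenabled; then
        echo "SKIP $1 SELinux not enabled"; return 0
    fi
    case $(stat -c '%C' "$1") in
        *":$2:"*|*":$2") echo "OK   $1 type $2"; return 0 ;;
        *)               echo "BAD  $1 is not labelled $2"; return 1 ;;
    esac
}

key_matches_cert() {      # key_matches_cert KEY CERT : compare the two public keys
    local kpub cpub
    kpub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

audit_tls_files() {       # audit_tls_files KEY CERT : returns 0 only if all checks pass
    local rc=0
    check_mode "$1" 600 400 || rc=1
    check_mode "$2" 644     || rc=1
    check_selinux_type "$1" cert_t || rc=1
    check_selinux_type "$2" cert_t || rc=1
    if key_matches_cert "$1" "$2"; then echo "OK   key matches certificate"
    else echo "BAD  key does not match certificate (or is unreadable)"; rc=1; fi
    return $rc
}

# Run against real files when given two arguments: KEY CERT
if [ "$#" -eq 2 ]; then audit_tls_files "$1" "$2"; fi
```

Run it as root with the key path and the certificate path as arguments, since the private key is readable only by its owner.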