Linux Security: Working with OpenSSL and httpd

Install ‘mod_ssl’ on the host ‘webserver’

sudo yum install mod_ssl

Generate a private key and a self-signed certificate for ‘shop.example.com’ using ‘openssl’

sudo openssl genrsa -aes128 -out /etc/pki/tls/private/httpdkey.pem
# You will be prompted to set a passphrase for the key

sudo openssl req -new -x509 -key /etc/pki/tls/private/httpdkey.pem -out /etc/pki/tls/certs/httpdcert.pem -days 365
# You will be prompted for the key passphrase, then for the certificate subject fields; use shop.example.com as the Common Name

Update the default Apache virtual host to accept connections on ‘shop.example.com’ using the new keypair, and allow HTTPS traffic through the firewall.

Make the following changes to /etc/httpd/conf.d/ssl.conf:

At the end of the <VirtualHost _default_:443> section, add the following on a new line:
ServerName shop.example.com:443

Find SSLCertificateFile /etc/pki/tls/certs/localhost.crt, and change it to the following:
SSLCertificateFile /etc/pki/tls/certs/httpdcert.pem

Find SSLCertificateKeyFile /etc/pki/tls/private/localhost.key, and change it to the following:
SSLCertificateKeyFile /etc/pki/tls/private/httpdkey.pem

sudo systemctl restart httpd
# The key is encrypted, so httpd asks for its passphrase when it starts
sudo firewall-cmd --add-service=https --permanent
sudo firewall-cmd --reload

Verify the configuration with ‘openssl’ from the host ‘workstation’

openssl s_client -connect shop.example.com:443 > /home/cloud_user/httpd_output
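
A check worth running on ‘webserver’ before restarting httpd, shown here as an added example rather than part of the original post: it confirms that the certificate and the encrypted key belong together, that the subject CN is shop.example.com, and that the certificate is not about to expire. The helper names, temp directory and passphrase are constructed for the demo, which builds its own throwaway pair so it runs without touching /etc/pki.

```shell
#!/bin/sh
# Added example: pre-restart check for the certificate/key pair used in ssl.conf.
# The temp directory, passphrase and helper names are constructed for this demo.

# Build a throwaway pair the same way as the tutorial, but non-interactively.
make_sample_pair() {    # $1 = directory to write into
    printf '%s\n' 'constructed-demo-passphrase' > "$1/pass"
    openssl genrsa -aes128 -passout "file:$1/pass" -out "$1/httpdkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/httpdkey.pem" -passin "file:$1/pass" \
        -subj "/CN=shop.example.com" -days 365 -out "$1/httpdcert.pem" 2>/dev/null
}

# Succeeds only if the certificate's public key equals the one derived from
# the private key. $3 is an openssl pass source such as file:/path or env:VAR.
pair_matches() {        # $1 = cert, $2 = key, $3 = pass source
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin "$3" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the subject CN is exactly the expected host name.
cert_names_host() {     # $1 = cert, $2 = host
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed 's/^subject= *//' | tr ',' '\n' | grep -qxF "CN=$2"
}

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for_days() { # $1 = cert, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Run all checks; prints the first failure and returns non-zero.
preflight() {           # $1 = cert, $2 = key, $3 = pass source, $4 = host
    pair_matches "$1" "$2" "$3" || { echo "FAIL: cert and key do not match"; return 1; }
    cert_names_host "$1" "$4"   || { echo "FAIL: CN is not $4"; return 1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: expires within 30 days"; return 1; }
    echo "OK: key matches cert, CN=$4, valid for at least 30 days"
}

demo_dir=$(mktemp -d)
if make_sample_pair "$demo_dir"; then
    preflight "$demo_dir/httpdcert.pem" "$demo_dir/httpdkey.pem" \
        "file:$demo_dir/pass" shop.example.com || true
fi
rm -rf "$demo_dir"
```

On the real host, call preflight with /etc/pki/tls/certs/httpdcert.pem, /etc/pki/tls/private/httpdkey.pem and a pass source of your choice instead of the temp files.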
