Linux Security: Working with OpenSSL and httpd

Install ‘mod_ssl’ on the host ‘webserver’

sudo yum install mod_ssl

Generate the private key for ‘shop.example.com’ and a self-signed certificate for it using ‘openssl’

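sudo openssl genrsa -aes128 -out /etc/pki/tls/private/httpdkey.pem
# You will be prompted for a passphrase, which encrypts the private key

sudo openssl req -new -x509 -key /etc/pki/tls/private/httpdkey.pem -out /etc/pki/tls/certs/httpdcert.pem -days 365
# You will be prompted for the key passphrase, then for the certificate subject fields; enter shop.example.com as the Common Name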

Update the default Apache virtual host to accept connections on ‘shop.example.com’ using the new keypair, and allow HTTPS traffic through the firewall.

Make the following changes to /etc/httpd/conf.d/ssl.conf:

At the end of the <VirtualHost _default_:443> section, add the following on a new line:
ServerName shop.example.com:443

Find SSLCertificateFile /etc/pki/tls/certs/localhost.crt, and change it to the following:
SSLCertificateFile /etc/pki/tls/certs/httpdcert.pem

Find SSLCertificateKeyFile /etc/pki/tls/private/localhost.key, and change it to the following:
SSLCertificateKeyFile /etc/pki/tls/private/httpdkey.pem

Restart httpd and open the firewall:

sudo systemctl restart httpd
# httpd will ask for the key passphrase, because the key is encrypted
sudo firewall-cmd --add-service=https --permanent 
sudo firewall-cmd --reload

Verify the configuration with ‘openssl’ from the host ‘workstation’

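openssl s_client -connect shop.example.com:443 > /home/cloud_user/httpd_output
# s_client keeps the connection open; press Ctrl+C to end it once the handshake output has been written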
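
Before restarting httpd with the new files, it is worth confirming that the certificate really belongs to the key, covers ‘shop.example.com’ and is not about to expire. The script below is an added example, not part of the original post: the function names are hypothetical, and it runs against a throwaway key and certificate it builds in a temporary directory with a constructed passphrase. On ‘webserver’ you would point preflight at the two files under /etc/pki/tls instead.

```shell
#!/bin/sh
# Added example: pre-flight checks for an httpd key/certificate pair.
# Function names are hypothetical; they are not part of openssl or httpd.

# $1 = key file, $2 = certificate, $3 = passphrase source in -passin form.
# Succeeds only if the certificate carries the public key of the private key.
key_matches_cert() {
    kpub=$(openssl pkey -in "$1" -passin "$3" -pubout 2>/dev/null) || return 1
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$kpub" ] && [ "$kpub" = "$cpub" ]
}

# $1 = certificate, $2 = host name clients will connect to.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q "does match certificate"
}

# $1 = certificate, $2 = seconds; succeeds if still valid that far ahead.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

preflight() {   # $1 = key, $2 = cert, $3 = -passin source, $4 = host name
    key_matches_cert "$1" "$2" "$3" || { echo "FAIL: key/cert mismatch or wrong passphrase" >&2; return 1; }
    cert_covers_host "$2" "$4" || { echo "FAIL: certificate does not cover $4" >&2; return 1; }
    cert_valid_for "$2" 86400 || { echo "FAIL: certificate expires within 24h" >&2; return 1; }
    echo "OK: $2 matches its key and covers $4"
}

# Constructed sample: a throwaway pair made like the one above, but
# non-interactively. pass:... exposes the passphrase in the process list,
# so it is used here only for the sample.
make_sample() {   # $1 = output directory, $2 = Common Name
    openssl genrsa -aes128 -passout pass:sample-only -out "$1/httpdkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/httpdkey.pem" -passin pass:sample-only \
        -subj "/CN=$2" -days 365 -out "$1/httpdcert.pem" 2>/dev/null
}

tmp=$(mktemp -d) && trap 'rm -rf "$tmp"' EXIT
make_sample "$tmp" shop.example.com
preflight "$tmp/httpdkey.pem" "$tmp/httpdcert.pem" pass:sample-only shop.example.com
```

A mismatch here means httpd would refuse to start with the new SSLCertificateFile and SSLCertificateKeyFile settings, so the check is cheaper to run before the restart than to debug after it.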

