In this article we discuss SSL configuration in the Apache web server. SSL stands for Secure Sockets Layer; websites use it to transfer data securely over the internet or any other network. Today the internet has become essential for tasks such as bank transactions, shopping and all kinds of bill payments. To do these tasks we have to enter confidential information such as credit/debit card numbers, bank account numbers, usernames and passwords.


With an SSL certificate, our confidential data travels over the internet in encrypted form, so that nobody who intercepts it can read or steal it. Without SSL, data travels over the internet in plain text, and anyone who intercepts it can read and misuse it.

So let’s have a look at the steps of SSL configuration in the Apache web server.

Preparation Before Apache SSL Configuration:

Before configuring SSL for an Apache VirtualHost, we need to install and configure the Apache web server and add a VirtualHost as an example. Follow the steps below to do so.

Install the Apache package with the command below:

# yum -y install httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirror.fibergrid.in
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd.i386 0:2.2.3-92.el5.centos set to be updated
addons/filelists_db | 574 B 00:00
base/filelists | 3.1 MB 00:26
extras/filelists_db | 212 kB 00:01
updates/filelists_db | 5.0 MB 00:43
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 httpd i386 2.2.3-92.el5.centos updates 1.2 M
Transaction Summary
================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total download size: 1.2 M
Downloading Packages:
httpd-2.2.3-92.el5.centos.i386.rpm | 1.2 MB 00:10
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID e8562897
updates/gpgkey | 1.5 kB 00:00
Importing GPG key 0xE8562897 "CentOS-5 Key (CentOS 5 Official Signing Key) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
 Installing : httpd 1/1
Installed:
 httpd.i386 0:2.2.3-92.el5.centos
Complete!
[root@localhost ~]#

We can use the command below to check whether httpd is installed:

# rpm -qa | grep httpd
httpd-2.2.3-92.el5.centos

Now we need to add a VirtualHost, so follow the steps below.

Before making any changes to the main Apache configuration file (httpd.conf), take a backup with the commands below.

# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.backup
# ls
httpd.conf httpd.conf.backup magic

Now edit the httpd.conf file and go to the end of the configuration file:

# nano /etc/httpd/conf/httpd.conf

Now add the below lines to add a VirtualHost

192.168.0.107 is the IP address of the Apache web server, and port 80 is the default for WWW.

As we can see above, the VirtualHost specifies the DocumentRoot path /var/www/html/elinuxbook.com, so we need to create a directory elinuxbook.com and copy our website’s documents to this path.

For now we can create a sample index.html file as the website document and put some text in it, such as Welcome to ELinuxBook (as per my scenario). Follow the steps below:

# mkdir /var/www/html/elinuxbook.com
# nano /var/www/html/elinuxbook.com/index.html
# ls -l /var/www/html/elinuxbook.com/
total 4
-rw-r--r-- 1 root root 22 Dec 11 20:21 index.html

Now check whether httpd.conf is correctly configured with the command below.

# httpd -t
Syntax OK

As we can see above, everything looks good, so let’s start the Apache server and also enable it at startup with the commands below.

# /etc/init.d/httpd start
Starting httpd: [ OK ]
# chkconfig --level 35 httpd on
# chkconfig --list httpd
httpd 0:off 1:off 2:off 3:on 4:off 5:on 6:off

Now test it by entering http://localhost in a browser.

Or, if you want to access the site by the domain name mentioned in the VirtualHost, i.e. elinuxbook.com, you have to configure a BIND DNS server or just add an entry to the /etc/hosts file as shown below.

Just edit the /etc/hosts file using command nano /etc/hosts and enter the line as highlighted below on the snapshot.

As we can see above, our site currently opens as http://localhost, which means it is not yet configured with SSL. Let’s configure this VirtualHost to work over https by following the steps below.

Step : 1 Install Required Packages

We need to install two packages to configure SSL for an Apache VirtualHost:

1. openssl

2. mod_ssl

So let’s install the required packages with the command below.

# yum -y install openssl mod_ssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirror.fibergrid.in
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i386 1:2.2.3-92.el5.centos set to be updated
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: libnal.so.1 for package: mod_ssl
---> Package openssl.i686 0:0.9.8e-40.el5_11 set to be updated
--> Running transaction check
---> Package distcache.i386 0:1.4.5-14.1 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
================================================================================
 Package Arch Version Repository Size
================================================================================
Installing:
 mod_ssl i386 1:2.2.3-92.el5.centos updates 98 k
Updating:
 openssl i686 0.9.8e-40.el5_11 updates 1.7 M
Installing for dependencies:
 distcache i386 1.4.5-14.1 base 119 k
Transaction Summary
================================================================================
Install 2 Package(s)
Upgrade 1 Package(s)
Total download size: 1.9 M
Downloading Packages:
(1/3): mod_ssl-2.2.3-92.el5.centos.i386.rpm | 98 kB 00:03
(2/3): distcache-1.4.5-14.1.i386.rpm | 119 kB 00:01
(3/3): openssl-0.9.8e-40.el5_11.i686.rpm | 1.7 MB 00:14
--------------------------------------------------------------------------------
Total 58 kB/s | 1.9 MB 00:33
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
 Updating : openssl 1/4
 Installing : distcache 2/4
 Installing : mod_ssl 3/4
 Cleanup : openssl 4/4
Installed:
 mod_ssl.i386 1:2.2.3-92.el5.centos
Dependency Installed:
 distcache.i386 0:1.4.5-14.1
Updated:
 openssl.i686 0:0.9.8e-40.el5_11
Complete!
[root@localhost ~]#

Step : 2 Generate Self-Signed Certificate

Now let’s go ahead and generate a self-signed certificate for our VirtualHost so that it can work over SSL. Follow the steps below:

1. Generate a private key using the command below:

# openssl genrsa -out elinuxbook.key 2048
Generating RSA private key, 2048 bit long modulus
............+++
.........................................+++
e is 65537 (0x10001)

2. Generate CSR i.e. Certificate Signing Request :

# openssl req -new -key elinuxbook.key -out elinuxbook.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Maharashtra
Locality Name (eg, city) [Newbury]:Mumbai
Organization Name (eg, company) [My Company Ltd]:ELinuxBook
Organizational Unit Name (eg, section) []:Linux Education
Common Name (eg, your name or your server's hostname) []:elinuxbook.com
Email Address []:admin@elinuxbook.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[root@localhost ~]#

3. Generate Self-Signed Certificate :

# openssl x509 -req -days 1095 -in elinuxbook.csr -signkey elinuxbook.key -out elinuxbook.crt
Signature ok
subject=/C=IN/ST=Maharashtra/L=Mumbai/O=ELinuxBook/OU=Linux Education/CN=elinuxbook.com/emailAddress=admin@elinuxbook.com
Getting Private key

So we have generated all the required certificate files, as shown below.

# ls
anaconda-ks.cfg Desktop elinuxbook.crt elinuxbook.csr elinuxbook.key install.log install.log.syslog

Step : 3 Copy Certificates to Necessary Location

Now we have to copy all the created certificate files to the necessary locations.

Copy the elinuxbook.crt to /etc/pki/tls/certs

# cp elinuxbook.crt /etc/pki/tls/certs/
# ls /etc/pki/tls/certs/
ca-bundle.crt elinuxbook.crt localhost.crt make-dummy-cert Makefile

Copy the elinuxbook.key to /etc/pki/tls/private

# cp elinuxbook.key /etc/pki/tls/private/
# ls
anaconda-ks.cfg Desktop elinuxbook.crt elinuxbook.csr elinuxbook.key install.log install.log.syslog

Copy the elinuxbook.csr to /etc/pki/tls/private

# cp elinuxbook.csr /etc/pki/tls/private/
# ls /etc/pki/tls/private/
elinuxbook.csr elinuxbook.key localhost.key

Step : 4 Configure ssl.conf

As we can see above, we copied all the certificate files to the required directories. Now let’s configure the ssl.conf file.

Edit the /etc/httpd/conf.d/ssl.conf file as shown below

# nano /etc/httpd/conf.d/ssl.conf

Now search for SSLCertificateFile and set it to the path of the SSL certificate file we created above, i.e. elinuxbook.crt.

After setting the path, the line should look like this:

SSLCertificateFile /etc/pki/tls/certs/elinuxbook.crt

Now search for SSLCertificateKeyFile and set it to the path of the SSL certificate key file we created above, i.e. elinuxbook.key.

After setting the path, the line should look like this:

SSLCertificateKeyFile /etc/pki/tls/private/elinuxbook.key

As shown on the snapshot above, the required changes in the ssl.conf configuration file are highlighted in blue.
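
One way to check the result of Steps 3 and 4 before restarting httpd, as an added example that is not part of the original article: the script reads the two directives from ssl.conf, confirms that both files exist, that the private key is readable only by its owner, and that the certificate was generated from that key. The function names conf_value, modulus and audit_ssl_conf are hypothetical.

```shell
#!/bin/sh
# Added example: audit the certificate/key pair that ssl.conf points at.
# Function names are hypothetical; only standard openssl/awk/ls options are used.

# Print the first active (uncommented) value of directive $1 in config file $2.
# Apache directive names are case-insensitive; quoted paths are not handled.
conf_value() {
    awk -v d="$1" 'tolower($1) == tolower(d) { print $2; exit }' "$2"
}

# Print "Modulus=<hex>" for a certificate ($1 = x509) or an RSA key ($1 = rsa).
# The modulus is the public part of the key, so comparing it is safe.
modulus() {
    openssl "$1" -in "$2" -noout -modulus 2>/dev/null
}

# Return 0 if the configured pair is usable, otherwise:
#   1 = a file is missing, 2 = key readable beyond its owner, 3 = cert/key mismatch
audit_ssl_conf() {
    conf=$1
    crt=$(conf_value SSLCertificateFile "$conf")
    key=$(conf_value SSLCertificateKeyFile "$conf")

    if [ ! -f "$crt" ] || [ ! -f "$key" ]; then
        echo "FAIL: missing file (cert='$crt' key='$key')"
        return 1
    fi

    # Characters 5-10 of the mode string are the group and other bits.
    perms=$(ls -ldL "$key" | cut -c5-10)
    if [ "$perms" != "------" ]; then
        echo "FAIL: $key is accessible to group/other; run: chmod 600 $key"
        return 2
    fi

    cert_mod=$(modulus x509 "$crt")
    key_mod=$(modulus rsa "$key")
    if [ -z "$cert_mod" ] || [ "$cert_mod" != "$key_mod" ]; then
        echo "FAIL: $crt was not issued for $key"
        return 3
    fi

    echo "OK: $crt and $key match, key is owner-only"
}

# Usage: sh audit.sh /etc/httpd/conf.d/ssl.conf
if [ "$#" -gt 0 ]; then
    audit_ssl_conf "$1"
fi
```

Run it as root against /etc/httpd/conf.d/ssl.conf after editing the file; a non-zero exit status identifies which of the three checks failed.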