This KB describes how to create a self-signed SSL certificate for the Apache web server. First of all, the httpd, openssl and mod_ssl packages must be installed to create and apply SSL certificates.
Step 1: Check that all packages are installed
# rpm -qa|egrep 'httpd|mod_ssl|openssl'
openssl-1.0.1e-42.el6.x86_64
httpd-2.2.15-47.el6_7.1.x86_64
httpd-tools-2.2.15-47.el6_7.1.x86_64
mod_ssl-2.2.15-47.el6_7.1.x86_64
Step 2: Create a script named apache_ssl
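# vi /usr/local/bin/apache_ssl

#!/bin/bash
# Generate a private key, a CSR and a self-signed certificate for one virtual host.
mkdir /etc/httpd/ssl
cd /etc/httpd/ssl || exit 1
echo -e "Enter your virtual host FQDN: \nThis will generate the default name for Apache SSL Certificate and Key!"
# The FQDN entered here is used as the base name of the .key, .csr and .crt files.
read -r cert
# 2048-bit RSA private key, readable by root only.
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 -out "$cert.key"
chmod 600 "$cert.key"
# Certificate signing request (prompts for the Distinguished Name fields).
openssl req -new -key "$cert.key" -out "$cert.csr"
# Self-sign the request with the same key; the certificate is valid for 365 days.
openssl x509 -req -days 365 -in "$cert.csr" -signkey "$cert.key" -out "$cert.crt"
echo -e " The Certificate and Key for $cert has been generated!\nPlease link it to Apache SSL available website!"
ls -all /etc/httpd/ssl
exit 0

# chmod 700 /usr/local/bin/apache_ssl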
Step 3: Run the apache_ssl script.
# /usr/local/bin/apache_ssl
mkdir: cannot create directory `/etc/httpd/ssl': File exists
Enter your virtual host FQDN:
This will generate the default name for Apache SSL Certificate and Key!
casesup.com
......................................................................................................................+++
...................................................+++
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:TR
State or Province Name (full name) []:Marmara
Locality Name (eg, city) [Default City]:Istanbul
Organization Name (eg, company) [Default Company Ltd]:Casesup.com
Organizational Unit Name (eg, section) []:Casesup.com IT
Common Name (eg, your name or your server's hostname) []:casesup.server.local
Email Address []:info@casesup.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
Signature ok
subject=/C=TR/ST=Marmara/L=Istanbul/O=Casesup.com/OU=Casesup.com IT/CN=casesup.server.local/emailAddress=info@casesup.com
Getting Private key
The Certificate and Key for casesup.com has been generated!
Please link it to Apache SSL available website!
total 32
drwxr-xr-x. 2 root root 4096 Jan 26 11:39 .
drwxr-xr-x. 5 root root 4096 Jan 26 11:21 ..
-rw-r--r--. 1 root root 1363 Jan 26 11:39 casesup.com.crt
-rw-r--r--. 1 root root 1082 Jan 26 11:39 casesup.com.csr
-rw-------. 1 root root 1704 Jan 26 11:38 casesup.com.key
Step 4: Copy the certificate under the certs directory and the key under the private directory (optional)
# cp /etc/httpd/ssl/casesup.com.key /etc/pki/tls/private/casesup.com.key
# cp /etc/httpd/ssl/casesup.com.crt /etc/pki/tls/certs/casesup.com.crt
Step 5: Add the certificate and key paths to ssl.conf
# cat /etc/httpd/conf.d/ssl.conf|grep pki
SSLCertificateFile /etc/pki/tls/certs/casesup.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/casesup.com.key
Step 6: Restart HTTPD service
#service httpd restart
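
The script below is an added example, not part of the original KB. It reads the SSLCertificateFile and SSLCertificateKeyFile paths from ssl.conf and checks that both files exist, that the key is not readable by group or others, and that the key belongs to the certificate; it is worth running before the httpd restart. The function names and the script name are assumptions of this example.

```shell
#!/bin/bash
# Added example: audit the certificate/key pair that ssl.conf points at.
# Function names are this example's own; only the first uncommented
# SSLCertificateFile / SSLCertificateKeyFile pair in the file is checked.

# Print the path given to an Apache directive ($1) in config file ($2).
directive_path() {
    awk -v d="$1" '$1 == d { print $2; exit }' "$2"
}

# Succeed only if the file grants nothing to group or others (e.g. 600).
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed if the certificate ($1) and private key ($2) share a public key.
cert_matches_key() {
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Run all checks against one config file; return non-zero on any failure.
check_ssl_conf() {
    local conf=$1 crt key rc=0
    crt=$(directive_path SSLCertificateFile "$conf")
    key=$(directive_path SSLCertificateKeyFile "$conf")
    [ -r "$crt" ] || { echo "FAIL: certificate not found: $crt"; rc=1; }
    [ -r "$key" ] || { echo "FAIL: key not found: $key"; rc=1; }
    [ "$rc" -eq 0 ] || return 1
    key_is_private "$key" || { echo "FAIL: key readable by group/others: $key"; rc=1; }
    cert_matches_key "$crt" "$key" || { echo "FAIL: key does not match certificate"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $crt matches $key"
    return "$rc"
}

# Usage: check_ssl.sh /etc/httpd/conf.d/ssl.conf
if [ "$#" -gt 0 ]; then
    check_ssl_conf "$1"
fi
```

A "key not found" failure here means the key was not copied to the path that SSLCertificateKeyFile names.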