Apache Web Server SSL




  1. The Online Certificate Status Protocol (OCSP) is a mechanism for determining whether a server certificate has been revoked. OCSP Stapling is a special form of this in which the server (such as httpd with mod_ssl) maintains current OCSP responses for its certificates and sends them to the clients that communicate with it.
  2. The SSLCertificateFile and SSLCertificateKeyFile directives in the ssl.conf file must point to the corresponding certificate and key files. If you are using the Apache virtual host feature, each virtual host you want to secure must have its own private key and server certificate.

Generate a Private Key

SSL uses keys to encrypt and decrypt messages.

Create a CSR using OpenSSL & install your SSL certificate on your Apache server

Use the instructions on this page to create your certificate signing request (CSR) with OpenSSL and then to install your SSL certificate on your Apache server.

Here is a short note on how to configure Apache to use a certificate file for SSL, that is, how to enable HTTPS in the Apache httpd server. After you enable SSL in the web server configuration, you should be able to access the application using https.

Install The mod_ssl Plugin

1. Make sure that mod_ssl is installed.

2. If mod_ssl is not installed, install it using yum:

Edit SSL Certificate And Keys

1. Edit /etc/httpd/conf.d/ssl.conf and set the server name and the file names of the SSL certificate and key. The parameters to be edited are:
a. ServerName
b. SSLCertificateFile
c. SSLCertificateKeyFile

Here,
– The ServerName must match the Common Name (CN) of the SSL certificate, or client browsers will get a “domain mismatch” message. To view the certificate Common Name (CN):

– The SSLCertificateKeyFile is the private key associated with the certificate (the public key).
– Verify that the Listen directive in ssl.conf is correct for your setup. For example, if an IP address is specified, it needs to match the IP address the httpd service is bound to.
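
The two checks above (ServerName against the certificate CN, and the private key against the certificate) can be scripted and run before the restart. This is an added example, not part of the original instructions; the hostnames under example.test, the temporary files and the helper function names are constructed for the demonstration.

```bash
#!/usr/bin/env bash
# Added example: check one SSL virtual host before restarting Apache (all data constructed).

# Print the first value of a directive (e.g. ServerName) in a config file.
directive() {          # usage: directive FILE NAME
    awk -v d="$2" 'tolower($1) == tolower(d) { print $2; exit }' "$1"
}

# Print the subject Common Name (CN) of a PEM certificate.
cert_cn() {            # usage: cert_cn CERT
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Succeed only if the private key and the certificate hold the same public key.
key_matches_cert() {   # usage: key_matches_cert KEY CERT
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Compare ServerName with the CN, then the key with the certificate.
check_vhost() {        # usage: check_vhost CONF
    local name crt key
    name=$(directive "$1" ServerName)
    crt=$(directive "$1" SSLCertificateFile)
    key=$(directive "$1" SSLCertificateKeyFile)
    [ "$(cert_cn "$crt")" = "${name%:*}" ] || { echo "CN mismatch"; return 1; }
    key_matches_cert "$key" "$crt" || { echo "key mismatch"; return 1; }
    echo "ok"
}

# Constructed demo data: two throwaway self-signed pairs and a minimal ssl.conf.
make_demo() {          # usage: make_demo DIR (prints the config path)
    local n
    for n in server other; do
        openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$n.example.test" \
            -keyout "$1/$n.key" -out "$1/$n.crt" 2>/dev/null || return 1
    done
    printf '%s\n' "ServerName server.example.test:443" \
        "SSLCertificateFile $1/server.crt" \
        "SSLCertificateKeyFile $1/server.key" > "$1/ssl.conf"
    echo "$1/ssl.conf"
}

demo_dir=$(mktemp -d)
check_vhost "$(make_demo "$demo_dir")"
rm -rf "$demo_dir"
```

Current browsers match the hostname against the certificate's subjectAltName entries rather than the CN, so a production certificate should carry the ServerName there as well.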

Restart the Apache webserver

For the changes to take effect we must restart the Apache webserver.
For CentOS/RHEL 5,6

For CentOS/RHEL 7

Verify SSL connectivity from the command line

There are several tools available to test the SSL connectivity. Depending on what needs to be tested, use any of the methods described below.

1. OpenSSL s_client

Use 'openssl s_client -connect TARGET:PORT' to test and troubleshoot SSL/TLS connections to a target server. To test a webserver on the standard port:

2. cURL

This tool is often the first choice as it allows you to quickly change between the http and https protocols.

SSL is currently one of the standards of web security. Learn how to implement an SSL certificate on an Apache Web Server to keep your data safe.

Before you start the installation process, please make sure that a CSR Code is generated, all validations are met, and the SSL Certificate is issued and downloaded.

To Install an SSL Certificate, Perform the Following Steps:

  • Copy the certificate into the shell text editor and name the file “mydomain.crt”

Note: Copy the contents of the certificate from (and including) the -----BEGIN CERTIFICATE----- line to the -----END CERTIFICATE----- line.

  • Copy the certificate to the Apache Server Directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/)

Note: If you have a custom installation, please locate the server directory.

  • Open the Apache Configuration file in a text editor. Apache configuration files are usually found in /etc/httpd. The main configuration file is usually named httpd.conf. In most cases, the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find <VirtualHost> blocks in a separate file in a directory like /etc/httpd/sites/ or in a file called ssl.conf.
  • Locate the SSL VirtualHost associated with your certificate. Verify that you have the following two directives within this virtual host. Please add them if they are not present.
    • SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt (or server.crt)
    • SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key (or server.key)

Note: Some instances of Apache will store Virtual Host information in an ssl.conf file. If your httpd.conf contains no Virtual Host information then you will need to locate and amend the ssl.conf as performed above.

  • Save the changes and exit the shell editor.
  • Start or Restart your Apache web server using one of the following commands:

    By default:

    /usr/local/apache/bin/apachectl startssl

    or

    /usr/local/apache/bin/apachectl restart

    Published at DZone with permission of Kalpesh Patel. See the original article here.
