Here is a short note on how to configure Apache to use a certificate file for SSL or How to enable https in Apache httpd server. After you enable SSL in the web server configuration, you should be able to access the application using https.
Install The mod_ssl Plugin
1. Make sure that mod_ssl is installed.
# rpm -qa | grep mod_ssl
2. If mod_ssl is not installed, install it using yum:
# yum install mod_ssl
Edit SSL Certificate And Keys
1. Edit /etc/httpd/conf.d/ssl.conf with the filenames of the server name and SSL Certificate information. The parameters to be edited are
a. ServerName
b. SSLCertificateFile
c. SSLCertificateKeyFile
# vi /etc/httpd/conf.d/ssl.conf # ServerName www.example.com:443 SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
Here,
– The ServerName must match the Common Name (CN) of the SSL certificate, or client browsers will get a “domain mismatch” message. To view the certificate Common Name (CN):
# openssl x509 -noout -text -in localhost.crt | grep CN[/code]
– The SSLCertificateKeyFile is the private key associate with the certificate (the public key).
– Verify that the Listen directive in ssl.conf is correct for your setup. For example, if an IP address is specified, it needs to match the ip address the httpd service is bound to.
Restart the Apache webserver
For the changes to take effect we must restart the Apache webserver.
For CentOS/RHEL 5,6
# service httpd restart
For CentOS/RHEL 7
# systemctl restart httpd.service
Verify SSL connectivity from the command line
There are several tools available to test the SSL connectivity. Depending on what needs to be tested, use any of the methods described below.
1. OpenSSL s_client
Use ‘openssl s_client -connect TARGET:PORT‘ to test & troubleshoot SSL/TLS connections to a target server. To test a webserver on the standard port:
# openssl s_client -connect www.example.com:443
2. cURL
This tool is often the first choice as it allows you to quickly change between the http and https protocols.
# curl --head https://www.example.com