• Skip to primary navigation
  • Skip to main content
  • Skip to primary sidebar
  • Skip to footer navigation

The Geek Diary

  • OS
    • Linux
    • CentOS/RHEL
    • Solaris
    • Oracle Linux
    • VCS
  • Interview Questions
  • Database
    • oracle
    • oracle 12c
    • ASM
    • mysql
    • MariaDB
  • DevOps
    • Docker
    • Shell Scripting
  • Big Data
    • Hadoop
    • Cloudera
    • Hortonworks HDP

CentOS / RHEL : How to Enable SSL For Apache

by admin

Here is a short note on how to configure Apache to use a certificate file for SSL or How to enable https in Apache httpd server. After you enable SSL in the web server configuration, you should be able to access the application using https.

Install The mod_ssl Plugin

1. Make sure that mod_ssl is installed.

# rpm -qa | grep mod_ssl

2. If mod_ssl is not installed, install it using yum:

# yum install mod_ssl

Edit SSL Certificate And Keys

1. Edit /etc/httpd/conf.d/ssl.conf with the filenames of the server name and SSL Certificate information. The parameters to be edited are
a. ServerName
b. SSLCertificateFile
c. SSLCertificateKeyFile

# vi /etc/httpd/conf.d/ssl.conf
# ServerName www.example.com:443 
SSLCertificateFile /etc/pki/tls/certs/localhost.crt 
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Here,
– The ServerName must match the Common Name (CN) of the SSL certificate, or client browsers will get a “domain mismatch” message. To view the certificate Common Name (CN):

# openssl x509 -noout -text -in localhost.crt | grep CN[/code]

– The SSLCertificateKeyFile is the private key associate with the certificate (the public key).
– Verify that the Listen directive in ssl.conf is correct for your setup. For example, if an IP address is specified, it needs to match the ip address the httpd service is bound to.

Restart the Apache webserver

For the changes to take effect we must restart the Apache webserver.
For CentOS/RHEL 5,6

# service httpd restart

For CentOS/RHEL 7

# systemctl restart httpd.service

Verify SSL connectivity from the command line

There are several tools available to test the SSL connectivity. Depending on what needs to be tested, use any of the methods described below.

1. OpenSSL s_client

Use ‘openssl s_client -connect TARGET:PORT‘ to test & troubleshoot SSL/TLS connections to a target server. To test a webserver on the standard port:

# openssl s_client -connect www.example.com:443

2. cURL

This tool is often the first choice as it allows you to quickly change between the http and https protocols.

# curl --head https://www.example.com

Filed Under: CentOS/RHEL 7, Linux

Some more articles you might also be interested in …

  1. pvcreate error : Can’t open /dev/sdx exclusively. Mounted filesystem?
  2. fcrackzip: command not found
  3. How to monitor NVME drives on Centos 6
  4. deborphan Command Examples in Linux
  5. How to Connect Remote Host Using the ssh Command
  6. Linux OS Service ‘irqbalance’
  7. “uname” Command Examples to Check UNIX/Linux Version
  8. pvdisplay Command Examples in Linux
  9. cuyo: command not found
  10. CentOS / RHEL : How to find if a network port is open or not?

You May Also Like

Primary Sidebar

Recent Posts

  • qm Command Examples in Linux
  • qm wait Command Examples in Linux
  • qm start Command Examples in Linux
  • qm snapshot Command Examples in Linux

© 2023 · The Geek Diary

  • Archives
  • Contact Us
  • Copyright