Configure Apache with SSL

0

On this article we will discuss how we can put ssl security on our web server or on our domain names on a web server. To do so, we need to generate ssl certificate and a ssl key and put those into our virtual hosts. In our previous post (SSL theories and configuration), we showed how to install and generate certificate and key.

Now we will show how we can integrate these two in a virtual host or a domain. In our previous post we have put the certificate and the key in to two different directories in /etc/ssl directory. They key is in private directory and the certificate is in cert directory. Now we need to integrate those two into our virtual host.

On one of our previous post (configure virtual host on apache web server), we have shown how to configure a virtual host for a domain. There we have named our domain name as www.test.local. So we will work on our previous domain name. But as this time we are trying to create a secure link using a secure port. Usually in case of apache or web server the default port is 80 and a secure port is usually 443.  So we will use the 443 port for securing our domain. The usual virtual host configuration is given below.

<VirtualHost *:80>

ServerName www.test.local

ServerAlias test.local

DocumentRoot /var/www/test.local/public_html

ErrorLog /var/www/test.local/error.log

</VirtualHost>

 

But for securing we need to edit a file named ssl.conf into the conf.d directory.

Let’s open the file in that directory.

#vim /etc/httpd/conf.d/ssl.conf

How find the section below

<VirtualHost _default_:443>. . .DocumentRoot “/var/www/test.local/public_html”ServerName www.test.local:443

 

Then find the below lines and uncomment them and make the changes required.

SSLCertificateFile /etc/ssl/certs/testkey.crtSSLCertificateKeyFile /etc/ssl/private/testkey.key

 

Now close the virtual host section using the below tag.

</VirtualHost>

There are only few lines we need to add to make this ssl certificate to work. So after the virtual host section we need to add the below lines into our ssl.conf file.

SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDHSSLProtocol All -SSLv2 -SSLv3SSLHonorCipherOrder On

 

Once these lines are added we can now save and exit the ssl.conf file.

Now we have to restart the apache server to make these changes effective. Run the below command

#systemctl restart httpd

Here we have shown how we can secure apache web server using ssl certificate. We can secure a lot of other servers like postfix, Nginx, different proxy servers and so many other servers using this tool.

Leave A Reply

Your email address will not be published.