SSL Installation on Redhat
Created by ajay. Last modified 2006-02-01 01:22:00.
Steps to install SSL on Redhat Enterprise 3.0
# SSL installation and configuration
#--Instructions on how to enable SSL on a Linux server.
#--Instructions and directory locations below are specific to Redhat Enterprise 3.0 installation
#--For other Linux distributions, refer to their documentation.
#--remove temporary keys that were created at Linux install
rm /etc/httpd/conf/ssl.key/server.key
#--create key and set permissions. There are two ways of doing this.
#--The first method requires you to create a password. You will need to remember and type this EVERY time you
#--restart the (Apache) web server. This makes the server very secure and is recommended.
#--The second method creates a key that will not require a password when the web server is started.
#--first method...type the following command. It will ask you to type in a (case-sensitive) password (twice).
#--Remember this password forever.
make genkey
#--second method...no passwords required
/usr/bin/openssl genrsa 1024 > /etc/httpd/conf/ssl.key/server.key
#--You can now create a TEST cert (item A below) or an ACTUAL cert request (item B)
# (A) Create Test SSL certificate
#--change directory and create cert. If you have chosen the password option above, you will be asked for it.
cd /usr/share/ssl/certs
#--Enter your company specific details
Country Name (2 letter code) [GB]:US
#--this creates the following Test certificate
/etc/httpd/conf/ssl.crt/server.crt
# (B) Create SSL certificate request to send to CA
#--change directory and create cert request. If you have chosen the password option above, you will be asked for it.
cd /usr/share/ssl/certs
#--Enter the following details (LEAVE THE LAST TWO ITEMS BLANK)
Country Name (2 letter code) [GB]:US
#--This creates the following file. This file is the certificate request, to be sent to the CA
#--Follow the instructions on the CA website to send certificate request
/etc/httpd/conf/ssl.csr/server.csr
#--When CA sends certificate, save the certificate as (you can copy/paste the certificate into this file):
/etc/httpd/conf/ssl.crt/server.crt
# Verisign needs an intermediate certificate to be installed for Server Gated Cryptography (SGC) certificates.
#--For other cert agencies, refer to their instructions
#--Copy the intermediate certificate from the following Verisign location
#--https://www.verisign.com/support/ssl-certificates-support/install-ssl-certificate.html
#--Save this intermediate certificate into a text file and name it intermediate.crt at the following location
/etc/httpd/conf/ssl.crt/intermediate.crt
#--You also need to provide the intermediate cert location in the apache conf file (see apache configuration below).
# Apache configuration for SSL
#--Once you create a Test Cert or get an actual Cert, you need to modify the Apache configuration file for SSL support
#--Normally the file /etc/httpd/conf.d/ssl.conf can be modified.
#--But instead of ssl.conf file, you can modify httpd.conf file, so that only one file needs to be maintained.
#--But do comment out the port 443 host assignment line in the ssl.conf file.
#--Add the following rules to the httpd.conf file.
<IfModule mod_ssl.c>
#--restart apache. Use SSL start option. If you have chosen the password option during key generation, you will be asked for it.
apachectl stop
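
A check worth running once server.key and server.crt are in place, added here as an example and not part of the original instructions: it confirms the key file is not accessible to group or other, reports the RSA key size against an assumed 2048-bit minimum (a key made with the `genrsa 1024` command above is reported as too small), and compares the key and certificate moduli. The function names, the `MIN_BITS` threshold and the throwaway demo key and certificate are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the original page): audit a mod_ssl key/cert pair.
MIN_BITS=${MIN_BITS:-2048}   # assumption: minimum acceptable RSA size

# Succeeds if the PEM key is passphrase-protected (the page's first method).
key_is_encrypted() { grep -q 'ENCRYPTED' "$1"; }

# Succeeds if group and other have no access to the key file.
key_perms_ok() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Prints the RSA modulus size in bits; fails on encrypted or non-RSA keys.
key_bits() {
    hex=$(openssl rsa -in "$1" -noout -modulus -passin pass: 2>/dev/null) || return 1
    hex=${hex#Modulus=}
    echo $(( ${#hex} * 4 ))
}

# Succeeds if the certificate carries the same RSA modulus as the key.
key_matches_cert() {
    k=$(openssl rsa -in "$1" -noout -modulus -passin pass: 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -modulus 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# Prints one finding per line; returns non-zero if any check fails.
audit_pair() {
    rc=0
    key_perms_ok "$1" || { echo "FAIL: $1 is accessible to group/other"; rc=1; }
    if key_is_encrypted "$1"; then
        echo "NOTE: $1 is passphrase-protected; size and match checks skipped"
        return $rc
    fi
    bits=$(key_bits "$1") || { echo "FAIL: $1 is not a readable RSA key"; return 1; }
    [ "$bits" -ge "$MIN_BITS" ] || { echo "FAIL: $bits-bit key, want >= $MIN_BITS"; rc=1; }
    key_matches_cert "$1" "$2" || { echo "FAIL: $2 does not match $1"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass"
    return $rc
}

# Constructed sample: a throwaway key and self-signed cert in a temp directory.
demo() {
    d=$(mktemp -d) || return 1
    ( umask 077; openssl genrsa -out "$d/server.key" 2048 2>/dev/null )
    openssl req -new -x509 -key "$d/server.key" -subj "/CN=test.example" \
        -days 1 -out "$d/server.crt" 2>/dev/null
    audit_pair "$d/server.key" "$d/server.crt"; rc=$?
    rm -rf "$d"; return $rc
}

if [ "$#" -eq 2 ]; then audit_pair "$1" "$2"; else demo; fi
```

Saved under a name of your choice, it takes the key path and the certificate path as its two arguments (here /etc/httpd/conf/ssl.key/server.key and /etc/httpd/conf/ssl.crt/server.crt); with no arguments it audits the constructed demo pair.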