X

How to Install and Configure the Apache HTTP Server with SSL on Red Hat Linux

This blog post shows how to install and set up the Apache HTTP Server with SSL on Red Hat Linux (7.x), and we can follow the similar steps for other flavors of Linux. Step 1: Install Apache HTTP Server Step 2: Enable and start the httpd service Step 3: Enable the required ports In above…

This blog post shows how to install and set up the Apache HTTP Server with SSL on Red Hat Linux (7.x), and we can follow the similar steps for other flavors of Linux.

Step 1: Install Apache HTTP Server


sudo yum install httpd

Step 2: Enable and start the httpd service


sudo systemctl enable httpd.service
sudo systemctl start httpd.service

Step 3: Enable the required ports


sudo iptables -I INPUT -p tcp -m tcp --dport 80 -j ACCEPT
sudo iptables -I INPUT -p tcp -m tcp --dport 443 -j ACCEPT

In above the step we enabled port 80 for http and 443 for https traffic. To configure the SSL, we need to install an additional module mod_ssl.

Step 4: Install mod_ssl module


sudo yum install mod_ssl

This blog post assumes you already have a digital certificate (my-web-site.crt) and private key (my-web-site-private.key).

Step 5: Create a folder and set the correct permission to copy the certificate and private key


mkdir /etc/ssl/certs
cp my-web-site.crt /etc/ssl/certs/
cp my-web-site-private.key /etc/ssl/certs/
chmod 700 -R /etc/ssl/certs/

Step 6: Open and update the ssl.conf file


sudo vi /etc/httpd/conf.d/ssl.conf

Step 7: Uncomment DocumentRoot, ServerName under <VirtualHost _default_:443> in ssl.conf file and update with following


DocumentRoot "/var/www/my-web-site/public_html"
ServerName www.my-web-site.com:443

Step 8: Find the SSLProtocol and SSLCipherSuite and comment them


# SSLProtocol all -SSLv2 -SSLv3
# SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA

Step 9: Find the SSLCertificateFile and SSLCertificateKeyFile lines and change them to the directory we made at /etc/httpd/ssl/certs


SSLCertificateFile /etc/ssl/certs/my-web-site.crt
SSLCertificateKeyFile /etc/ssl/certs/my-web-site-private.key

Step 10: Modify the Unencrypted Virtual Host File to Redirect to HTTPS from HTTP


sudo vi /etc/httpd/conf.d/non-ssl.conf

Add the following config lines to non-ssl.conf


<VirtualHost *:80>
  ServerName www.my-web-site.com
  Redirect "/" "https://www.my-web-site.com/"
</VirtualHost>

Step 11: Verify the Apache configuration is ok


sudo apachectl configtest

Step 12: Stop and start apache to reflect the new SSL configuration


sudo systemctl stop httpd
sudo systemctl start httpd

Now the site is secured with SSL, and even any tries to access the website using HTTP, the website redirects to https.

Categories: GENERAL LINUX
Shravan Kumar Kasagoni: