Install the Web Server package group:
# yum groupinstall -y "Web server"
Activate at boot time and start the service:
# chkconfig httpd on
# service httpd start
Add a firewall rule that accepts new incoming connections on TCP port 443 (HTTPS). The -I option inserts it at the top of the INPUT chain, so it takes effect ahead of any later REJECT rule:
# iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 443 -j ACCEPT
Save the firewall configuration:
# service iptables save
Let’s assume your server is called centos6.example.com.
Generate a self-signed X.509 certificate valid for 365 days. The -nodes option leaves the private key unencrypted, so keep the key file readable by root only (the /etc/pki/tls/private directory is already root-only), and enter the server's hostname as the Common Name:
# openssl req -new -x509 -nodes -out /etc/pki/tls/certs/centos6.example.com.crt -keyout /etc/pki/tls/private/centos6.example.com.key -days 365
Generating a 2048 bit RSA private key
.....................................................+++
..................................+++
writing new private key to '/etc/pki/tls/private/centos6.example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:centos6.example.com
Email Address []:
Edit the /etc/httpd/conf.d/ssl.conf file, locate the SSLCertificateFile and SSLCertificateKeyFile directives and point them at the files just created:
SSLCertificateFile /etc/pki/tls/certs/centos6.example.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/centos6.example.com.key
In the same file, search for the ServerName string and replace as follows:
ServerName centos6.example.com:443
Check the validity of the configuration:
# httpd -t
Syntax OK
Or:
# apachectl configtest
Syntax OK
Restart the Apache webserver:
# apachectl restart
Check the virtual host configuration (the :443 virtual host should now carry the ServerName set above):
# httpd -D DUMP_VHOSTS
VirtualHost configuration:
wildcard NameVirtualHosts and _default_ servers:
_default_:443          centos6.example.com (/etc/httpd/conf.d/ssl.conf:74)
Syntax OK
Optionally, confirm that the server presents the new certificate. Because the certificate is self-signed, the "verify error:num=18:self signed certificate" line and the "Verify return code: 18" at the end are expected; a client that should trust this server needs the certificate installed or passed with -CAfile. If the subject shown is not the CN you entered, ssl.conf is still pointing at another certificate:
# openssl s_client -connect localhost:443 -state
CONNECTED(00000003)
SSL_connect:before/connect initialization
SSL_connect:SSLv2/v3 write client hello A
SSL_connect:SSLv3 read server hello A
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = centos6.example.com
verify error:num=18:self signed certificate
verify return:1
depth=0 C = XX, L = Default City, O = Default Company Ltd, CN = centos6.example.com
verify return:1
SSL_connect:SSLv3 read server certificate A
SSL_connect:SSLv3 read server key exchange A
SSL_connect:SSLv3 read server done A
SSL_connect:SSLv3 write client key exchange A
SSL_connect:SSLv3 write change cipher spec A
SSL_connect:SSLv3 write finished A
SSL_connect:SSLv3 flush data
SSL_connect:SSLv3 read server session ticket A
SSL_connect:SSLv3 read finished A
---
Certificate chain
0 s:/C=XX/L=Default City/O=Default Company Ltd/CN=centos6.example.com
i:/C=XX/L=Default City/O=Default Company Ltd/CN=centos6.example.com
---
Server certificate
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
subject=/C=XX/L=Default City/O=Default Company Ltd/CN=centos6.example.com
issuer=/C=XX/L=Default City/O=Default Company Ltd/CN=centos6.example.com
---
No client certificate CA names sent
---
SSL handshake has read 1796 bytes and written 453 bytes
---
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-GCM-SHA384
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
SSL-Session:
Protocol : TLSv1.2
Cipher : DHE-RSA-AES256-GCM-SHA384
Session-ID: F70A21C91678CB69510C8ED213E8C340021A3AD7343D16155D15E819476032CB
Session-ID-ctx:
Master-Key: 5CADEE0E5B2B4F9030B1A9E46FA2DD65AC70C530B754A4EF4384AA34B28E4E2617B1E47746ACA2D22B9DA7A8369509A7
Key-Arg : None
Krb5 Principal: None
PSK identity: None
PSK identity hint: None
TLS session ticket lifetime hint: 300 (seconds)
TLS session ticket:
0000 - b6 a4 65 fa 1c 14 4d 12-b7 70 6c 2b 53 52 f1 b6 ..e...M..pl+SR..
0010 - 76 8d 20 86 bb 63 ac dc-46 60 18 07 ae 86 03 16 v. ..c..F`......
0020 - 90 a2 d2 17 d5 f9 ff 5e-bc d2 c7 aa 0f 8f 40 8f .......^......@.
0030 - ee 4e 27 ff 1f c1 7c 04-26 ec cb db 6b e6 2f 53 .N'...|.&...k./S
0040 - 13 05 04 c2 67 d6 63 c5-c3 8b b1 3e 99 65 c9 8a ....g.c....>.e..
0050 - 33 68 3c 83 a0 22 bc d2-5b 7e 8b e7 87 24 b7 77 3h<.."..[~...$.w
0060 - 18 3f c4 51 0d 4e dd a7-f5 03 68 e8 51 de c2 a9 .?.Q.N....h.Q...
0070 - ba e6 fe 15 1d 4b 93 d5-85 93 e3 ee 80 78 2b 40 .....K.......x+@
0080 - 5f 30 02 69 cd 31 61 b6-7b 30 94 ae ca f7 78 62 _0.i.1a.{0....xb
0090 - 87 50 83 ba cc c2 40 29-62 15 50 98 91 6e 25 c0 .P....@)b.P..n%.
00a0 - 9d 55 39 b2 f8 59 67 47-ec ba ea ad 7a 63 75 d9 .U9..YgG....zcu.
00b0 - d6 36 57 b4 80 8a 59 a2-67 d8 90 2c e2 3c dd 05 .6W...Y.g..,.<..
Start Time: 1408871323
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
---
SSL3 alert read:warning:close notify
closed
SSL3 alert write:warning:close notify
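The certificate step and the two ssl.conf directives above are where this procedure usually goes wrong when it is repeated or scripted: a certificate and a key from different runs, a key left world-readable, or a hostname that appears only in the CN. The script below is an added example and not part of the original post. It generates the self-signed certificate without prompts, restricts the key file, and checks that the key matches the certificate and that the certificate names the host, which is what to verify before restarting httpd. It assumes openssl on the PATH and GNU stat (Linux); the file paths are parameters so the functions can be exercised in a scratch directory instead of /etc/pki/tls.

```shell
#!/bin/sh
# Added example, not from the original post. Scripted version of the
# certificate step above plus the checks to run before restarting httpd.
# Assumes: openssl on PATH, GNU stat (Linux). Paths are arguments so the
# functions can be exercised in a scratch directory instead of /etc/pki/tls.

# make_selfsigned HOST CRT KEY [DAYS]
# 2048-bit RSA key plus self-signed X.509 certificate for HOST, no prompts.
# The interactive DN prompts from the post are replaced by a throwaway config
# file, which also adds a subjectAltName: modern clients match the hostname
# against the SAN, not the CN.
make_selfsigned() {
    host=$1; crt=$2; key=$3; days=${4:-365}
    cfg=$(mktemp) || return 1
    cat >"$cfg" <<EOF
[req]
prompt = no
distinguished_name = dn
x509_extensions = v3_req
[dn]
CN = $host
[v3_req]
subjectAltName = DNS:$host
EOF
    if ! openssl req -new -x509 -nodes -newkey rsa:2048 -days "$days" \
            -config "$cfg" -keyout "$key" -out "$crt" 2>/dev/null; then
        rm -f "$cfg"
        return 1
    fi
    rm -f "$cfg"
    # -nodes leaves the key unencrypted, so only its owner (root under
    # /etc/pki/tls/private) may read it
    chmod 600 "$key"
}

# key_matches_cert CRT KEY
# Succeeds only if KEY is the private half of the public key in CRT, i.e.
# SSLCertificateFile and SSLCertificateKeyFile point at files from one run.
key_matches_cert() {
    c=$(openssl x509 -noout -modulus -in "$1" 2>/dev/null)
    k=$(openssl rsa -noout -modulus -in "$2" 2>/dev/null)
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# cert_ok_for_host CRT HOST
# The certificate verifies against itself (the "verify error:num=18" that
# s_client prints is just this self-signature), is not expired, and lists
# HOST as a DNS subjectAltName.
cert_ok_for_host() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1 &&
    openssl x509 -noout -checkend 0 -in "$1" >/dev/null 2>&1 &&
    openssl x509 -noout -text -in "$1" | grep -Eq "DNS:$2"'(,|$)'
}

# demo: run the whole sequence for the hostname used in the post, in a
# temporary directory, and return 0 only if every check passes.
demo() {
    d=$(mktemp -d) || return 1
    rc=1
    if make_selfsigned centos6.example.com "$d/host.crt" "$d/host.key" 365 &&
       key_matches_cert "$d/host.crt" "$d/host.key" &&
       cert_ok_for_host "$d/host.crt" centos6.example.com &&
       [ "$(stat -c %a "$d/host.key")" = 600 ]; then
        rc=0
    fi
    rm -rf "$d"
    return $rc
}
```

On the real server, call make_selfsigned with the two /etc/pki/tls paths used in the post, then run key_matches_cert and cert_ok_for_host on them before the apachectl restart; a modulus mismatch is what produces a "private key does not match the certificate" failure when httpd starts.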
Additional Resources
You can read this good article about the various formats of certificates.