Advertisements
Check here for Installing and configuring Apache with tomcat using mod_jk
Generating key and csr:
yum install mod_ssl openssl
Key:
openssl genrsa -out www.yourdomain.com.key 2048
csr:
openssl req -new -key www.yourdomain.com.key -out www.yourdomain.com.csr
You have to give
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Karnataka
Locality Name (eg, city) [Newbury]:Bangalore
Organization Name (eg, company) [My Company Ltd]:Some Company Private Limited
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:www.yourdomain.com
Email Address []:someone@yourdomain.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: [You can skip by pressing enter]
An optional company name []: [You can skip by pressing enter]
Now you have generated csr.
Now buy ssl for this csr from Godaddy,bigrock,geotrust or whomever you trust. Don't forget to keep the key safe.
Now when the crt is issued do the following.
Save the ssl and ca certificates
Add ssl.conf to /etc/httpd/conf.d/ (It will be there if you install mod_ssl)
Include ssl.conf in your httpd.conf
And give the following in ssl.conf
SSLCertificateFile /etc/pki/tls/certs/www.yourdomain.com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.yourdomain.com.key
SSLCACertificateFile /etc/pki/tls/private/www.yourdomain.com.ca.crt
Restart apache. You are done.
To redirect all the http to https you can use the following rewrite rules.
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
Recommended Reading
1. Network Security with OpenSSL2. Implementing SSL / TLS Using Cryptography and PKI
3. Network Security with OpenSSL: Cryptography for Secure Communications
4. SSL and TLS: Designing and Building Secure Systems
No comments:
Post a Comment
Be nice. That's all.