Enable Apache SSL / HTTPS Access On CentOS 6

  • Log in as root.
  • Install the mod_ssl package if you don't already have it:
    yum install -y mod_ssl
  • Rename the default ssl.conf included in mod_ssl:
    mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
  • Create a new /etc/httpd/conf.d/ssl.conf like the following:
    LoadModule ssl_module    modules/mod_ssl.so
    Listen    443
    SSLPassPhraseDialog    builtin
    SSLSessionCache    shmcb:/var/cache/mod_ssl/scache(512000)
    SSLSessionCacheTimeout    300
    SSLMutex    default
    SSLRandomSeed startup    file:/dev/urandom  256
    SSLRandomSeed connect    builtin
    SSLCryptoDevice    builtin
    
  • Copy your certificate and private key into a single file on your server. I located mine at /etc/pki/tls/certs/mysite.crt. It should look similar to this example:
    -----BEGIN CERTIFICATE-----
    Your multi-line certificate hash here
    Your multi-line certificate hash here
    Your multi-line certificate hash here
    -----END CERTIFICATE-----
    -----BEGIN RSA PRIVATE KEY-----
    Your multi-line private key hash here
    Your multi-line private key hash here
    Your multi-line private key hash here
    -----END RSA PRIVATE KEY-----
    
  • This file also contains your private key, so make sure it is only readable by root:
    chmod 0600 /etc/pki/tls/certs/mysite.crt
  • Create an Apache SSL virtual host configuration. You'll need to substitute the details of your own server as necessary:
    NameVirtualHost 10.1.1.1:443
    
    <VirtualHost 10.1.1.1:443>
    	ServerName mysite.com:443
    	DocumentRoot "/var/www/mysite"
    	ErrorLog "logs/mysite_ssl_error_log"
    	CustomLog "logs/mysite_ssl_access_log" common
    
    	SSLEngine on
    	SSLCertificateFile /etc/pki/tls/certs/mysite.crt
    
    	<Directory "/var/www/mysite">
    		SSLOptions +StdEnvVars
    	</Directory>
    </VirtualHost>
    
  • Run an Apache config test to make sure it's going to work:
    service httpd configtest
  • Restart Apache to apply the configuration:
    service httpd restart
  • If the restart fails:
    • Make sure you've specified the correct IP in /etc/httpd/conf/mysite-ssl.conf
    • Check you have copied the correct certificate and corresponding private key in /etc/pki/tls/certs/mysite.crt
    • You can check the reason for any failure in /var/log/httpd/mysite_ssl_error_log
  • Once you've got the basic site accessible you can add more complicated configuration directives.
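
The checks from the steps above (one certificate and one private key in the combined file, mode 0600, and a key that actually corresponds to the certificate) can be run before restarting Apache. This is an added example, not part of the original guide; the function names and the script file name are hypothetical, the default path is the one used above, and the key comparison assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the combined certificate + key file.
# Usage: . ./check_bundle.sh && check_bundle /etc/pki/tls/certs/mysite.crt
# (check_bundle.sh is a hypothetical file name for this script.)

# Count PEM blocks whose BEGIN label matches the extended regex in $2.
pem_count() {
    grep -cE -e "^-----BEGIN $2-----" "$1" || true
}

# True only when the mode is exactly 0600, as set with chmod in the guide.
pem_mode_ok() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}

# True when the certificate's public key equals the one derived from the
# private key stored in the same file. Requires the openssl CLI.
pem_key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Run every check, report each failure, return non-zero if any failed.
check_bundle() {
    bundle=${1:-/etc/pki/tls/certs/mysite.crt}
    rc=0
    [ -r "$bundle" ] || { echo "FAIL: cannot read $bundle"; return 1; }
    [ "$(pem_count "$bundle" 'CERTIFICATE')" -ge 1 ] ||
        { echo "FAIL: no CERTIFICATE block"; rc=1; }
    [ "$(pem_count "$bundle" '([A-Z]+ )?PRIVATE KEY')" -eq 1 ] ||
        { echo "FAIL: expected exactly one PRIVATE KEY block"; rc=1; }
    pem_mode_ok "$bundle" ||
        { echo "FAIL: mode is not 0600, the private key may be readable by others"; rc=1; }
    pem_key_matches "$bundle" ||
        { echo "FAIL: private key does not match the certificate"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $bundle"
    return "$rc"
}
```

A mismatch between certificate and key is one of the restart failures listed above, so running `check_bundle` first narrows down the cause before you look in the error log.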
