- Log in as root.
- Install the mod_ssl package if you don't already have it:
yum install -y mod_ssl
- Rename the default ssl.conf included in mod_ssl:
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
- Create a new /etc/httpd/conf.d/ssl.conf like the following:
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLMutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
- Copy your certificate and private key into a single file on your server. I located mine at /etc/pki/tls/certs/mysite.crt. It should look similar to this example:
-----BEGIN CERTIFICATE-----
Your multi-line base64-encoded certificate here
Your multi-line base64-encoded certificate here
Your multi-line base64-encoded certificate here
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Your multi-line base64-encoded private key here
Your multi-line base64-encoded private key here
Your multi-line base64-encoded private key here
-----END RSA PRIVATE KEY-----
- This file now contains your private key, so make sure it is readable only by root:
chmod 0600 /etc/pki/tls/certs/mysite.crt
- Create an Apache SSL virtual host configuration. You'll need to substitute the details of your own server as necessary:
NameVirtualHost 10.1.1.1:443
<VirtualHost 10.1.1.1:443>
ServerName mysite.com:443
DocumentRoot "/var/www/mysite"
ErrorLog "logs/mysite_ssl_error_log"
CustomLog "logs/mysite_ssl_access_log" common
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/mysite.crt
<Directory "/var/www/mysite">
SSLOptions +StdEnvVars
</Directory>
</VirtualHost>
- Run an Apache config test to make sure it's going to work:
service httpd configtest
- Restart Apache to apply the configuration:
service httpd restart
- If the restart fails:
  - Make sure you've specified the correct IP in /etc/httpd/conf/mysite-ssl.conf
  - Check you have copied the correct certificate and corresponding private key in /etc/pki/tls/certs/mysite.crt
  - You can check the reason for any failure in /var/log/httpd/mysite_ssl_error_log
- Once you've got the basic site accessible you can add more complicated configuration directives.
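One way to run the certificate and private key check from the troubleshooting list before restarting Apache, as an added example that is not part of the original article. The function name check_combined_pem is hypothetical, and the script assumes the openssl command-line tool is installed.

```shell
#!/bin/sh
# Added example (not from the original article): sanity-check the combined
# certificate + private key file before restarting Apache.
# check_combined_pem is a hypothetical helper name; requires the openssl CLI.
# Return codes: 0 ok, 2 unreadable, 3 no cert, 4 no key, 5 bad mode, 6 mismatch.

check_combined_pem() {
    pem=$1

    [ -r "$pem" ] || { echo "cannot read $pem" >&2; return 2; }

    # Both PEM blocks must be present in the one file.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$pem" ||
        { echo "$pem: no certificate block" >&2; return 3; }
    # Matches "RSA PRIVATE KEY" (PKCS#1) and "PRIVATE KEY" (PKCS#8) headers.
    grep -q -- '-----BEGIN .*PRIVATE KEY-----' "$pem" ||
        { echo "$pem: no private key block" >&2; return 4; }

    # The file holds the private key, so only the owner may read or write it.
    perms=$(ls -ld "$pem" | cut -c1-10)
    [ "$perms" = "-rw-------" ] ||
        { echo "$pem: mode is $perms, expected -rw------- (chmod 0600)" >&2; return 5; }

    # The public key embedded in the certificate must equal the public key
    # derived from the private key; mod_ssl rejects a mismatched pair at startup.
    cert_pub=$(openssl x509 -in "$pem" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$pem" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "$pem: certificate and private key do not match" >&2
        return 6
    fi

    echo "$pem: certificate, key and permissions look consistent"
    return 0
}

# Run against a file when one is given, e.g. /etc/pki/tls/certs/mysite.crt
if [ "$#" -gt 0 ]; then
    check_combined_pem "$1"
fi
```

Save it as a script and pass the combined file as the only argument; a non-zero exit status identifies which check failed.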