link Enable Apache SSL / HTTPS Access On CentOS 6← Back
date 28 Feb, 2013
  • Login as root.
  • Install the mod_ssl package if you don't already have it: 
    yum install -y mod_ssl
  • Rename the default ssl.conf included in mod_ssl 
    mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.bak
  • Create a new /etc/httpd/conf.d/ssl.conf like the following 
    LoadModule ssl_module    modules/mod_ssl.so
Listen    443
SSLPassPhraseDialog    builtin
SSLSessionCache    shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout    300
SSLMutex    default
SSLRandomSeed startup    file:/dev/urandom  256
SSLRandomSeed connect    builtin
SSLCryptoDevice    builtin
  • Copy your certificate and private key into a single file on your server. I located mine at /etc/pki/tls/certs/mysite.crt. It should look similar to this example: 
    -----BEGIN CERTIFICATE-----
Your multi-line certificate hash here
Your multi-line certificate hash here
Your multi-line certificate hash here
-----END CERTIFICATE-----
-----BEGIN RSA PRIVATE KEY-----
Your multi-line private key hash here
Your multi-line private key hash here
Your multi-line private key hash here
-----END RSA PRIVATE KEY-----
  • Make sure the certificate is only readable by root: 
    chmod 0600 /etc/pki/tls/certs/mysite.crt
  • Create an Apache SSL virtual host configuration. You'll need to substitute the details of your own server as necessary: 
    NameVirtualHost 10.1.1.1:443

<VirtualHost 10.1.1.1:443>
	ServerName mysite.com:443
	DocumentRoot "/var/www/mysite"
	ErrorLog "logs/mysite_ssl_error_log"
	CustomLog "logs/mysite_ssl_access_log" common

	SSLEngine on
	SSLCertificateFile /etc/pki/tls/certs/mysite.crt

	<Directory "/var/www/mysite">
		SSLOptions +StdEnvVars
	</Directory>
</VirtualHost>
  • Run an Apache config test to make sure it's going to work: 
    service httpd configtest
  • Restart Apache to apply the configuration: 
    service httpd restart
  • If the restart fails
    • Make sure you've specified the correct IP in /etc/httpd/conf/mysite-ssl.conf
    • Check you have copied the correct certificate and corresponding private key in /etc/pki/tls/certs/mysite.crt
    • You can check the reason for any failure in /var/log/httpd/mysite_ssl_error_log
  • Once you've got the basic site accessible you can add more complicated configuration directives.
tags apache, centos
Comments

There are no comments

Post a comment