This article will help you secure your Apache server by creating SSL certificates. Some people may need this to secure their Apache server. Please follow the steps below.
Create a random data file
# head -c 1024 /dev/random > randomfile
Create key pair
# openssl genrsa -des3 -out server.key -rand randomfile
Create a self-signed digital certificate from the key pair
# openssl req -new -x509 -key server.key -out server.crt
Answer the questions and then copy the private key and digital certificate to the folders mentioned below.
# cp server.key /etc/apache2/ssl.key/
# cp server.crt /etc/apache2/ssl.crt/
Configure Apache to use OpenSSL (Optional)
Edit the /etc/sysconfig/apache2 file.
APACHE_START_TIMEOUT="10"
APACHE_SERVER_FLAGS="SSL"
Copy /etc/apache2/vhosts.d/vhost-ssl.template to /etc/apache2/vhosts.d/vhost-ssl.conf.
# cp /etc/apache2/vhosts.d/vhost-ssl.template /etc/apache2/vhosts.d/vhost-ssl.conf
Configure the main site to use HTTPS
Edit the /etc/apache2/default-server.conf file and add the Include /etc/apache2/vhosts.d/*.conf line to it.
Include /etc/apache2/conf.d/*.conf
Include /etc/apache2/vhosts.d/*.conf
Edit the /etc/apache2/vhosts.d/vhost-ssl.conf file as shown below:
<IfDefine SSL>
<IfDefine !NOSSL>
<VirtualHost *:443>
    DocumentRoot "/srv/www/htdocs"
    ServerName localhost:443
    ErrorLog /var/log/apache2/error_log
    TransferLog /var/log/apache2/access_log
    SSLEngine on
    SSLProtocol all -SSLv2
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLCertificateFile /etc/apache2/ssl.crt/server.crt
    SSLCertificateKeyFile /etc/apache2/ssl.key/server.key
    <FilesMatch "\.(cgi|shtml|phtml|php)$">
        SSLOptions +StdEnvVars
    </FilesMatch>
    <Directory "/srv/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    BrowserMatch "MSIE [2-5]" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog /var/log/apache2/ssl_request_log ssl_combined
</VirtualHost>
</IfDefine>
</IfDefine>
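Before restarting, the TLS lines in vhost-ssl.conf can be checked for legacy protocols and cipher classes; the script below is an added example, not part of the original article. The function names, the protocol list that "all" expands to and the cipher classes it flags are assumptions chosen for illustration.

```sh
#!/bin/sh
# Added example, not from the original article: list legacy TLS settings in a vhost file.

# Print the protocols left enabled by an SSLProtocol line, applying tokens left to right.
# Assumption: "all" stands for every protocol listed here; the real set depends on the build.
enabled_protocols() {
    enabled=" "
    shift                                    # drop the "SSLProtocol" word itself
    for tok in "$@"; do
        case "$tok" in
            all|+all) enabled=" SSLv3 TLSv1 TLSv1.1 TLSv1.2 TLSv1.3 " ;;
            -all)     enabled=" " ;;
            -*)       enabled=$(printf '%s' "$enabled" | sed "s/ ${tok#-} / /") ;;
            *)        enabled="$enabled${tok#+} " ;;
        esac
    done
    printf '%s\n' "$enabled"
}

# Print one finding per line for the vhost file in $1; print nothing when it is clean.
audit_vhost() {
    conf=$1
    # If a directive is repeated, only its last occurrence is checked.
    proto=$(grep -Ei '^[[:space:]]*SSLProtocol[[:space:]]' "$conf" | tail -n 1)
    suite=$(grep -Ei '^[[:space:]]*SSLCipherSuite[[:space:]]' "$conf" | tail -n 1)
    if [ -z "$proto" ]; then
        echo "SSLProtocol not set: the server default applies"
    else
        on=$(enabled_protocols $proto)       # unquoted on purpose: split into tokens
        for p in SSLv3 TLSv1 TLSv1.1; do
            case "$on" in *" $p "*) echo "legacy protocol enabled: $p" ;; esac
        done
    fi
    # Cipher strings are colon-separated; a bare class name adds that whole class.
    for c in $(printf '%s\n' "$suite" | awk '{print $2}' | tr ':' ' '); do
        case "$c" in MEDIUM|LOW|EXPORT|EXP) echo "weak cipher class enabled: $c" ;; esac
    done
}

# Constructed sample: the two TLS lines from the vhost in this article.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
EOF
audit_vhost "$sample"
rm -f "$sample"
```

A stricter vhost would use, for example, SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 and leave MEDIUM out of SSLCipherSuite, in which case the script prints nothing.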
Restart Apache
# /etc/init.d/apache2 restart
redirecting to systemctl restart apache2
Enter SSL pass phrase for localhost:443 (RSA): ******
Check that the port is listening
# netstat -an | grep 443
tcp 0 0 :::443 :::* LISTEN
linux-j9hf:/etc/apache2/vhosts.d #
Navigate to https://IP-Address/ from your browser.
Click on the "I understand the risks" link. Now you will get the output as shown below.