CentOS. Apache. 1 de 8. Pricing Features Customers Help & Community. Sign Up Login Help & Community. Articles & Tutorials. Questions. Chat.



Similar documents
Installing an SSL certificate on the InfoVaultz Cloud Appliance

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

owncloud 8 and DigitalOcean Matthew Davidson Bluegrass Linux User Group 03/09/2015

LAB :: Secure HTTP traffic using Secure Sockets Layer (SSL) Certificate

SecuritySpy Setting Up SecuritySpy Over SSL

Security Workshop. Apache + SSL exercises in Ubuntu. 1 Install apache2 and enable SSL 2. 2 Generate a Local Certificate 2

Setup a Virtual Host/Website

Host your websites. The process to host a single website is different from having multiple sites.

Installing Apache as an HTTP Proxy to the local port of the Secure Agent s Process Server

How to: Install an SSL certificate

LoadMaster SSL Certificate Quickstart Guide

User s guide. APACHE SSL Linux. Using non-qualified certificates with APACHE SSL Linux. version 1.3 UNIZETO TECHNOLOGIES S.A.

HW9 WordPress & Google Analytics

ViMP 3.0. SSL Configuration in Apache 2.2. Author: ViMP GmbH

Enterprise SSL Support

To enable https for appliance

esync - Receiving data over HTTPS

Asia Web Services Ltd. (vpshosting.com.hk)

Parallels Plesk Automation

Apache Security with SSL Using Linux

Creating Certificate Authorities and self-signed SSL certificates

Technical specification

Setting Up SSL on IIS6 for MEGA Advisor

Apache and Virtual Hosts Exercises

This section describes how to use SSL Certificates with SOA Gateway running on Linux.

e-cert (Server) User Guide For Apache Web Server

insync Installation Guide

Sun Java System Web Server 6.1 Using Self-Signed OpenSSL Certificate. Brent Wagner, Seeds of Genius October 2007

MassTransit 6.0 Enterprise Web Configuration for Macintosh OS 10.5 Server

Administrator Guide. v 11

unigui Developer's Manual 2014 FMSoft Co. Ltd.

Exercises: FreeBSD: Apache and SSL: SANOG VI IP Services Workshop

Setting Up CAS with Ofbiz 5

Protect your CollabNet TeamForge site

DESLock+ Basic Setup Guide Version 1.20, rev: June 9th 2014

Apache Security with SSL Using Ubuntu

SWITCHBOARD SECURITY

Securing Your Apache Web Server With a Thawte Digital Certificate

NSi Mobile Installation Guide. Version 6.2

By default, STRM provides an untrusted SSL certificate. You can replace the untrusted SSL certificate with a self-signed or trusted certificate.

OnCommand Performance Manager 1.1

Installing Dspace 1.8 on Ubuntu 12.04

INUVIKA OVD INSTALLING INUVIKA OVD ON RHEL 6

Set up a Home Secure Global Desktop Enterprise Edition Remote Access Server

Local Caching Servers (LCS): User Manual

Red Hat Linux Guide to Installing Root Certificates, Generating CSR and Installing SSL Certificate

Alinto Mail Server Pro

CERTIFICATE-BASED SINGLE SIGN-ON FOR EMC MY DOCUMENTUM FOR MICROSOFT OUTLOOK USING CA SITEMINDER

ULTEO OPEN VIRTUAL DESKTOP UBUNTU (PRECISE PANGOLIN) SUPPORT

LumInsight CMS Installation Guide

Cloud Homework instructions for AWS default instance (Red Hat based)

GlobalSign Solutions

CTERA Portal Datacenter Edition

APACHE HTTP SERVER 2.2.8

PowerChute TM Network Shutdown Security Features & Deployment

OpenDaylight & PacketFence install guide. for PacketFence version 4.5.0

VMware Identity Manager Connector Installation and Configuration

Install Cacti Network Monitoring Tool on CentOS 6.4 / RHEL 6.4 / Scientific Linux 6.4

How to setup HTTP & HTTPS Load balancer for Mediator

Ulteo Open Virtual Desktop Installation

secure for mobile devices

Installing an SSL Certificate Provided by a Certificate Authority (CA) on the vwlan Appliance

Configuration Guide. BlackBerry Enterprise Service 12. Version 12.0

9.92 Using HTTPS for building secure web applications v 1.0

SSL Certificates in IPBrick

A Beginner's Guide to Setting Up A Web Hosting System (Or, the design and implementation of a system for the worldwide distribution of pictures of

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.2

Exercises: FreeBSD: Apache and SSL: pre SANOG VI Workshop

Securing the OpenAdmin Tool for Informix web server with HTTPS

JAMF Software Server Installation and Configuration Guide for Linux. Version 9.2

CloudPortal Business Manager 2.2 POC Cookbook

Lepide Active Directory Self Service. Configuration Guide. Follow the simple steps given in this document to start working with

10gAS SSL / Certificate Based Authentication Configuration

Installing an SSL Certificate Provided by a Certificate Authority (CA) on the BlueSecure Controller (BSC)

How to Install Multicraft on a VPS or Dedicated Server (Ubuntu bit)

Eucalyptus User Console Guide

Installation Procedure SSL Certificates in IIS 7

deploying meteor with meteor up

CHAPTER 7 SSL CONFIGURATION AND TESTING

White Paper. Fabasoft on Linux - Preparation Guide for Community ENTerprise Operating System. Fabasoft Folio 2015 Update Rollup 2


Installation documentation for Ulteo Open Virtual Desktop

JAMF Software Server Installation Guide for Linux. Version 8.6

Web Hosting: Pipeline Program Technical Self Study Guide

Generating and Renewing an APNs Certificate. Technical Paper May 2012

Apache, SSL and Digital Signatures Using FreeBSD

Bluesocket virtual Wireless Local Area Network (vwlan) FAQ


Acano solution. Certificate Guidelines R1.7. for Single Combined Acano Server Deployments. December H

Name-based SSL virtual hosts: how to tackle the problem

QuickStart Guide for Mobile Device Management

Tibbr Installation Addendum for Amazon Web Services

JAMF Software Server Installation and Configuration Guide for OS X. Version 9.0

Best Practices in Hardening Apache Services under Linux

Implementing Secure Sockets Layer on iseries

Dialogic 4000 Media Gateway Series as a Survivable Branch Appliance for Microsoft Lync Server 2010

F-Secure Messaging Security Gateway. Deployment Guide

Password Reset PRO INSTALLATION GUIDE

OS Installation: CentOS 5.8

Transcription:

1 de 8 Pricing Features Customers Help & Community Sign Up Login Help & Community Articles & Tutorials Questions Chat Blog Try this tutorial on an SSD cloud server. Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more. Related Articles CentOS Apache How to Setup and Configure an OpenVPN Server on CentOS 6 How To Set Up Apache Virtual Hosts on CentOS 6 How To Set Up vsftpd on CentOS 6 How To Add and Delete Users on Ubuntu 12.04 and CentOS 6 How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6 How To Create a SSL Certificate on Apache for Ubuntu 12.04 How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6 How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6 How To Set Up Apache Virtual Hosts on Ubuntu 12.04 LTS How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu

2 de 8 How To Create a SSL Certificate on Apache for CentOS 6 15 Tweet 3 submit Share Write an Article About Self-Signed Certificates A SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server's details while a self-signed certificate has no 3rd party corroboration. Step One Install Mod SSL In order to set up the self signed certificate, we first have to be sure that Apache and Mod SSL are installed on our VPS. You can install both with one command: yum install mod_ssl Step Two Create a New Directory Next, we need to create a new directory where we will store the server key and certificate mkdir /etc/httpd/ssl Step Three Create a Self Signed Certificate When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory. This command will prompt terminal to display a lists of fields that need to be filled in. The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address. You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:NYC Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc Organizational Unit Name (eg, section) []:Dept of Merriment Common Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:webmaster@awesomeinc.com Step Four Set Up the Certificate Now we have all of the required components of the finished certificate.the next thing to do is to set up the virtual hosts to display the new certificate. Open up the SSL config file:

3 de 8 vi /etc/httpd/conf.d/ssl.conf Find the section that begins with <VirtualHost _default_:443> and make some quick changes. Uncomment the DocumentRoot and ServerName line and replace example.com with your DNS approved domain name or server IP address (it should be the same as the common name on the certificate): ServerName example.com:443 Find the following three lines, and make sure that they match the extensions below: SSLEngine on SSLCertificateFile /etc/httpd/ssl/apache.crt SSLCertificateKeyFile /etc/httpd/ssl/apache.key Your virtual host is now all set up! Save and Exit out of the file. Step Five Restart Apache You are done. Restarting the Apache server will reload it with all of your changes in place. /etc/init.d/httpd restart In your browser, type https://youraddress to view the new certificate. Try this tutorial on an SSD cloud server. Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more. By Etel Sverdlov Comments anthony Simple and works perfect. Thanks. Posted November 28th, 2012 19:01 Etel Aw! Thank you for the kind words! :D Posted November 28th, 2012 19:04 mark We need to add one last command to allow this to work: iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT This opens port 443 to allow https:// to work.

4 de 8 Posted January 11th, 2013 16:54 Etel Thanks for the suggestion, Mark. This is definitely true for users that have IP tables set up. Posted January 11th, 2013 22:14 enrique Good manual, need help... Bad Request Your browser sent a request that this server could not understand. Reason: Youre speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Posted January 21st, 2013 15:12 Moisey In your URL you arent using HTTPS which indicates that you want to connect to port 443, but instead your URL has HTTP. So just update that and you should be good to go. Posted January 21st, 2013 16:57 thom_l Stopping httpd: [FAILED] Starting httpd: [FAILED] Posted March 3rd, 2013 22:12 David Levy Thanks for that additional command mark. Works great. Suggestion: Why not expand the tutorial to include how to use trusted ssl keys? Posted March 23rd, 2013 21:32 David Levy To add to mark's command: http://wiki.centos.org/howtos/https iptables -A INPUT -p tcp --dport 443 -j ACCEPT /sbin/service iptables save

5 de 8 Posted March 23rd, 2013 21:36 SaM5246 You have asked Firefox to connect securely to 192.xxx.xxx.32, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. So this is what everyone will see the first time they come across it? Posted August 7th, 2013 18:15 Kamal Nasser @SaM5246: It's because this is a self-signed cert. To get rid of this warning, you have to get your certificate signed by a CA such as Comodo, Verisign, Thawte, Godaddy, etc. Posted August 7th, 2013 19:10 Colin Foster... or create your own CA certificate and install that into apache and your own browsers' trusted CA list. That gets rid of the warning screen (and tests that the certificate installed OK - you'll see the green padlock beside the URL). Posted August 15th, 2013 05:45 leo_ultra_leo What about the "genkey" command for certificate generation? I know there is a bug regarding this issue (in RHEL6 and CentOS 6.4). I did update the nss tool in CentOS and it now just works so great! Posted September 20th, 2013 09:00 ruben.amaya Etel, In case that I am not running iptables. How I can open the 443.? I read this post and all comments, then went to my machine and give the commands iptables --list service iptables status I don't get any information from iptables --list, and the service iptables status told me that I am not running iptables. But if I did the command (after installing nmap with yum install nmap ) nmap -v -r 127.0.0.1 That runs an autoscan it give me the following (This is only part of the output) that I use to check which ports are open and which not.) Not shown: 995 closed ports PORT STATE SERVICE 22/tcp open ssh

6 de 8 25/tcp open smtp 80/tcp open http 3306/tcp open mysql 10000/tcp open snet-sensor-mgmt I noticed that when I installed Apache with yum, the port was opened, the same when I installed the Mysql, but how this is possible if the iptables is not running.? Is there another method to open the ports.? And thank you for all the information in this post. Is being very usefull. Posted October 19th, 2013 20:26 Kamal Nasser @ruben.amaya: What's the output of iptables -L -v as root? The iptables service might not be running but the iptables kernel module is always there. Posted October 20th, 2013 08:16 masterjx12 how do you add multiple ssl's? Posted October 22nd, 2013 17:51 Kamal Nasser @masterjx12: See https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apacheon-ubuntu-12-04 I recommend reading through the article and then performing the steps yourself since the article is for Ubuntu and not CentOS. Posted October 23rd, 2013 18:20 singh.baljinder1356 works great to me, thanx Etel, can u plz suggest how to use already purchased CA certfied ssl in it Posted October 27th, 2013 08:36

7 de 8 Create your account or sign-in Company Pricing Comparison Chart Features Customers About FAQ Press Careers API Integrations Network Status Contact Community Articles & Tutorials Get Paid to Write Suggest an Article Chat Q&A Blog Referral Program Events Calendar Feedback Badges & Logos The Shop Getting Started One-Click Install Applications What is Cloud Hosting? Control Panel Overview Deploy a Virtual Server Set-Up SSH Keys Install Git on Ubuntu How to Install Ruby on Rails How to Install LAMP Stack Set-Up a Host Name

8 de 8 2011-2013 DigitalOcean, Inc. All Rights Reserved. Terms & Privacy. Security.

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information