Wednesday, March 12, 2014

How to Secure Your Apache WebServer using SSL Certificates in Linux

In Linux, Apache is the most widely used web server, so in this document we will use the Apache web server on CentOS 6.3 and secure it by implementing SSL certificates. I am assuming the httpd package (i.e. the Apache software) is already installed on the Linux box.

Step 1 : Install the necessary packages

  • [root@localhost /]# yum install mod_ssl openssl

Step 2: Generate the self-signed certificate.

Using OpenSSL we will generate a self-signed certificate. If you are using this on a production server you will probably want a certificate from a trusted Certificate Authority, but if you are just using this on a personal site or for testing purposes a self-signed certificate is fine. To create the key you will need to be root, so you can either su to root or use sudo in front of the commands.

# Generate the private key using the command below (2048-bit RSA; 1024-bit RSA keys are no longer considered secure)

  • [root@localhost /]# openssl genrsa -out server.key 2048

Now create a Certificate Signing Request (CSR) with the server's RSA private key using the command below

  • [root@localhost /]# openssl req -new -key server.key -out server.csr

# Now sign the server's certificate. No external CA is involved here: the certificate is self-signed with the server's own key, using the command below

  • [root@localhost /]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

Now we have successfully created and signed a certificate. Copy the files to the correct locations.
  • [root@localhost ~]# cp server.crt /etc/pki/tls/certs/
  • [root@localhost ~]# cp server.key /etc/pki/tls/private/
  • [root@localhost ~]# cp server.csr /etc/pki/tls/private/

Step 3: Now edit the ssl.conf file


  • [root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf

Change the paths to match where the certificate and key files are stored. If you've used the method above they will be

  • SSLCertificateFile /etc/pki/tls/certs/server.crt
  • SSLCertificateKeyFile /etc/pki/tls/private/server.key
Save and quit the file, then restart the Apache service

  • [root@localhost ~]# /etc/init.d/httpd restart

Step 4: Now modify the httpd.conf file


  • [root@localhost ~]# vi /etc/httpd/conf/httpd.conf
Save and quit, put the HTML files in /var/www/html, and restart the httpd service using the command below:

  • [root@localhost html]# /etc/init.d/httpd restart

Step 5

If your web server is running behind a firewall, open port 443. Once all the steps are done, we can access our website “https://www.example.com” using a web browser.
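
Added example, not part of the original post: a shell check to run before the Apache restart in Step 3. It confirms that server.crt matches server.key, that the key is at least 2048 bits, that the certificate has not expired, and that the key file is not readable by group or others. The function names and the constructed test pair (built with the Step 2 commands) are illustrative assumptions.

```bash
#!/bin/bash
# Added example: checks on the certificate and key that ssl.conf points at.

# key_bits KEY -> prints the private key size in bits (empty on error)
key_bits() {
    openssl pkey -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p' | head -n 1
}

# check_cert_pair CERT KEY -> returns 0 only if every check passes
check_cert_pair() {
    local cert="$1" key="$2" rc=0 cert_pub key_pub bits mode
    # 1. The certificate must carry the public half of this private key.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $cert does not match $key"; rc=1
    fi
    # 2. RSA keys shorter than 2048 bits are rejected as too weak.
    bits=$(key_bits "$key")
    if [ -z "$bits" ] || [ "$bits" -lt 2048 ]; then
        echo "FAIL: key size is ${bits:-unknown} bits (want >= 2048)"; rc=1
    fi
    # 3. The certificate must be readable and not expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable"; rc=1
    fi
    # 4. The private key must not be accessible to group or others.
    mode=$(stat -c %a "$key" 2>/dev/null)
    case "$mode" in *00) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown} (want 600 or 400)"; rc=1 ;;
    esac
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
    return "$rc"
}

# make_test_pair DIR BITS: constructed throwaway pair; -subj answers the CSR prompts
make_test_pair() {
    openssl genrsa -out "$1/server.key" "$2" 2>/dev/null &&
    openssl req -new -key "$1/server.key" -subj "/CN=www.example.com" \
        -out "$1/server.csr" &&
    openssl x509 -req -days 365 -in "$1/server.csr" \
        -signkey "$1/server.key" -out "$1/server.crt" 2>/dev/null &&
    chmod 600 "$1/server.key"
}

if [ "${1:-}" = "demo" ]; then   # demo on a constructed pair
    d=$(mktemp -d) && make_test_pair "$d" 2048 &&
        check_cert_pair "$d/server.crt" "$d/server.key"
fi
```

On the server, source the file and run `check_cert_pair /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key` as root.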
