Configure Apache with SSL
In this article we discuss how to secure a web server, or the domain names hosted on it, with SSL. To do so, we need to generate an SSL certificate and an SSL key and reference them in our virtual hosts. In our previous post (SSL theories and configuration), we showed how to install and generate the certificate and key.
Now we will show how to integrate these two into a virtual host or a domain. In our previous post we put the certificate and the key into two different directories under /etc/ssl. The key is in the private directory and the certificate is in the certs directory. Now we need to integrate those two into our virtual host.
In one of our previous posts (configure virtual host on apache web server), we showed how to configure a virtual host for a domain. There we named our domain www.test.local, so we will keep working with that domain name. This time, however, we are creating a secure link on a secure port. For Apache, or a web server in general, the default port is usually 80 and the secure port is usually 443, so we will use port 443 to secure our domain. The usual virtual host configuration is given below.
<VirtualHost *:80>
ServerName www.test.local
ServerAlias test.local
DocumentRoot /var/www/test.local/public_html
ErrorLog /var/www/test.local/error.log
</VirtualHost>
But to secure the site we need to edit a file named ssl.conf in the conf.d directory.
Let’s open the file in that directory.
#vim /etc/httpd/conf.d/ssl.conf
Now find the section below.
<VirtualHost _default_:443>
. . .
DocumentRoot "/var/www/test.local/public_html"
ServerName www.test.local:443
Then find the lines below, uncomment them, and make the required changes.
SSLCertificateFile /etc/ssl/certs/testkey.crt
SSLCertificateKeyFile /etc/ssl/private/testkey.key
Now close the virtual host section using the tag below.
</VirtualHost>
Only a few more lines are needed to make this SSL certificate work. After the virtual host section, add the lines below to the ssl.conf file.
SSLCipherSuite EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder On
Once these lines are added, save and exit the ssl.conf file.
Now we have to restart the Apache server for these changes to take effect. Run the command below.
#systemctl restart httpd
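A check that can be run over the edited ssl.conf before the restart, given here as an added example that is not part of the original article: a small Python linter that works out which protocol versions the SSLProtocol line leaves enabled, flags typographic quotes pasted from a web page, and confirms both certificate directives are present. The expansion of All, the function names and the sample text are assumptions made for this illustration.

```python
import re

# Assumption: "All" is modelled as the widest set; the real expansion depends
# on the httpd/OpenSSL build. SSLv2 is absent, so "-SSLv2" is a no-op here.
ALL_PROTOCOLS = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY = {"SSLv3", "TLSv1", "TLSv1.1"}  # TLS 1.0/1.1 were deprecated by RFC 8996
CANON = {p.lower(): p for p in ALL_PROTOCOLS}

def directives(conf_text):
    """Yield (name, args) per directive, skipping comments and <Section> tags."""
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line and not line.startswith(("#", "<")):
            parts = line.split(None, 1)
            yield parts[0], parts[1] if len(parts) > 1 else ""

def effective_protocols(spec):
    """Apply SSLProtocol tokens left to right: +X adds, -X removes, bare X replaces."""
    enabled = set()
    for tok in spec.split():
        sign, name = (tok[0], tok[1:]) if tok[0] in "+-" else ("", tok)
        key = name.lower()
        group = set(ALL_PROTOCOLS) if key == "all" else {CANON[key]} if key in CANON else set()
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:
            enabled = set(group)
    return [p for p in ALL_PROTOCOLS if p in enabled]

def audit(conf_text):
    """Return a list of findings for the directives this article edits."""
    findings, seen = [], {}
    for name, args in directives(conf_text):
        seen[name.lower()] = args
        if re.search("[\u201c\u201d\u2018\u2019]", args):
            findings.append(f"{name}: typographic quotes become part of the value")
    legacy = [p for p in effective_protocols(seen.get("sslprotocol", "All")) if p in LEGACY]
    if legacy:
        findings.append("SSLProtocol still enables " + ", ".join(legacy))
    for required in ("SSLCertificateFile", "SSLCertificateKeyFile"):
        if required.lower() not in seen:
            findings.append(f"{required} missing")
    return findings

# Constructed sample: the article's directives, with curly quotes as pasted text often has.
SAMPLE = ("<VirtualHost _default_:443>\nDocumentRoot \u201c/var/www/test.local/public_html\u201d\n"
          "SSLCertificateFile /etc/ssl/certs/testkey.crt\n"
          "SSLCertificateKeyFile /etc/ssl/private/testkey.key\n</VirtualHost>\n"
          "SSLProtocol All -SSLv2 -SSLv3\nSSLHonorCipherOrder On\n")
```

On the sample, audit(SAMPLE) reports the quoted DocumentRoot and that TLSv1 and TLSv1.1 remain enabled; adding -TLSv1 -TLSv1.1 to the SSLProtocol line clears the second finding.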
Here we have shown how to secure the Apache web server using an SSL certificate. We can secure many other servers, such as Postfix, Nginx and various proxy servers, using this tool.
Thanks for this info neutrino