RHCE Work With Apache HTTPD Web Service Part 4-Configuring HTTPS

Transport Layer security TLS

What is TLS

Transport layer security is security layer for the Apache HTTPD web server. All incoming and out going data is encrypted .so client web browser and the web server communicate to the encrypted channel.if your website is secured with ssl https added before your host name.

There is there basic steps

  1. Get signed certificate from CA(certificate Authorities ) like verisign ssl, godaddy ssl
  2. Install apache httpd mod_ssl module that support for https
  3. Create virtual host file that support for ssl .ssl listen port is 443

Getting ssl certificate is costly in future post i will explain how to get free ssl for your website.

Self signed certificate

you can generate your own certificate and certify by the certificate authority

for do that you have to install crypto-utils package and genkey yourdomain name

genkey devopslanka.com

Then it will ask some questions and you have to answer that .then it will genarate cert file and key file

cert file /etc/pki/tls/certs/devopslanka.com.crt

key file /etc/pki/tls/private/devopslanka.com.key

use arrow keys to navigate

genkey ssl

Then ask key size

and next

Then it will genarate cert file and key file.

ssl key genatated

After that you have to create virtual host file that support ssl.i hope you already follow previous tutorial

Install Apache HTTPD with all packages

the you have installed mod_ssl also.otherwise install it.when you install mod_ssl package it will create config file called ssl.conf.we need that file information to create our own virtual host file for ssl support website.

now im creating a new folder for my domain to run locally .

mkdir -p /var/www/devops

and create index.html file that saying “This is ssl secured devopslanka”

now i’m open /etc/httpd/conf.d/ssl.conf file and copy necessary lines to my virtual host file

 

 

now i have created virtual hostfile inside /etc/httpd/conf.d/devops.conf and changed

  • ServerName
  • SSLCertificateFile
  • SSLCertificateKeyFile
  • DocumentRoot

Add firewall rule to https

 

 

Then i checked with httpd -t for syntax errors. no errors so.now i’m restart httpd server

 

Add dns to /etc/hosts

/etc/hosts

Then open web browser and navigate to https://devopslanka.com

then it asking about this is untrusted website because our self sign ssl certificate is not verified by certificate authority.

ssl certificate unsigned

Click on understand risk and add exception

add exception to ssl certificate

confirm certificate

Ta Da !!!!

its working

Send HTTP Request

Hmm what will happen if we type http without https lets take a look

As a result Apache not showing the correct site because .if there is any error or config file mistake so Apache reorder the config file to alphabetic order.i will explain this matter in another post.Therefore Now take a look at the current scenario.

only https request goes to 443 port but port 80 request does not respond .Lets give a solution to this.

we can add rewrite rule to virtual host file.

Apache HTTPD Automatically Redirect HTTP to HTTPS

inside virtual host file add rewrite rule to virtual host file that we created before /etc/httpd/conf.d/devops.conf

 

 

apache httpd http to https redirect

Lets open web browser and navigate to devopslanka.com then it will automatically redirected to the https://devopslanka.com

automatically redirect http to https apache

I hope this post will help you.if you think this post is valuable please share facebook twitter google plus with your friends.

See you in Part 5

Have a Good Day

Sameera Dissanayaka

 

 

 

One thought on “RHCE Work With Apache HTTPD Web Service Part 4-Configuring HTTPS

Leave a Reply

Your email address will not be published. Required fields are marked *