Transport Layer Security (TLS)
What is TLS
Transport Layer Security (TLS) is the security layer for the Apache HTTPD web server. All incoming and outgoing data is encrypted, so the client's web browser and the web server communicate over an encrypted channel. If your website is secured with SSL, https is added before your host name.
There are three basic steps:
- Get a signed certificate from a CA (certificate authority) such as VeriSign SSL or GoDaddy SSL
- Install the Apache HTTPD mod_ssl module, which adds support for HTTPS
- Create a virtual host file that supports SSL. The SSL listen port is 443
Getting an SSL certificate is costly. In a future post I will explain how to get free SSL for your website.
Self-signed certificate
You can generate your own certificate and have it certified by the certificate authority.
To do that, install the crypto-utils package and run genkey with your domain name:
genkey devopslanka.com
It will then ask some questions that you have to answer. After that it generates the cert file and the key file:
cert file /etc/pki/tls/certs/devopslanka.com.crt
key file /etc/pki/tls/private/devopslanka.com.key
Use the arrow keys to navigate.
Then it asks for the key size,
and you continue to the next screen.
Then it will generate the cert file and key file.
After that, you have to create a virtual host file that supports SSL. I hope you have already followed the previous tutorial:
Install Apache HTTPD with all packages
Then you have installed mod_ssl as well; otherwise, install it. When you install the mod_ssl package, it creates a config file called ssl.conf. We need the information in that file to create our own virtual host file for the SSL-enabled website.
Now I'm creating a new folder for my domain to run locally.
mkdir -p /var/www/devops
Then create an index.html file that says “This is ssl secured devopslanka”.
Now I open the /etc/httpd/conf.d/ssl.conf file and copy the necessary lines to my virtual host file:
<VirtualHost *:443>
    ServerName devopslanka.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile "/path/to/www.example.com.cert"
    SSLCertificateKeyFile "/path/to/www.example.com.key"
</VirtualHost>
DocumentRoot "/var/www/devops"
<Directory "/var/www/">
    AllowOverride None
    Require all granted
</Directory>
Now I have created the virtual host file at /etc/httpd/conf.d/devops.conf and changed:
- ServerName
- SSLCertificateFile
- SSLCertificateKeyFile
- DocumentRoot
Add a firewall rule for HTTPS
firewall-cmd --permanent --add-service=https
firewall-cmd --reload
Then I checked for syntax errors with httpd -t. There were no errors, so now I restart the httpd server:
systemctl restart httpd
Add a DNS entry for the domain to /etc/hosts.
Then open a web browser and navigate to https://devopslanka.com
The browser then warns that this is an untrusted website, because our self-signed SSL certificate is not verified by a certificate authority.
Click on the "understand risk" option and add an exception.
Confirm the certificate.
Ta Da !!!!
It's working.
Send HTTP Request
Hmm, what will happen if we type http instead of https? Let's take a look.
As a result, Apache does not show the correct site. If there is any error or mistake in a config file, Apache reorders the config files into alphabetical order. I will explain this matter in another post. For now, take a look at the current scenario.
Only HTTPS requests go to port 443, but requests to port 80 do not get the right response. Let's fix this.
We can add a rewrite rule to the virtual host file.
Apache HTTPD Automatically Redirect HTTP to HTTPS
Add the rewrite rule to the virtual host file that we created before, /etc/httpd/conf.d/devops.conf:
#HTTP To HTTPS
<VirtualHost *:80>
    ServerName devopslanka.com
    RewriteEngine on
    RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
</VirtualHost>
#HTTPS
<VirtualHost *:443>
    ServerName devopslanka.com
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCertificateFile "/etc/pki/tls/certs/devopslanka.com.crt"
    SSLCertificateKeyFile "/etc/pki/tls/private/devopslanka.com.key"
</VirtualHost>
#Pointing the document root
DocumentRoot "/var/www/devops"
<Directory "/var/www">
    AllowOverride None
    # Allow open access:
    Require all granted
</Directory>
Let's open a web browser and navigate to devopslanka.com. It will be redirected automatically to https://devopslanka.com
I hope this post will help you. If you think this post is valuable, please share it with your friends on Facebook, Twitter and Google Plus.
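As an added check that is not part of the original post, the Python sketch below evaluates the SSLProtocol value from devops.conf the way mod_ssl reads it (token by token, with + and - prefixes) and reports which legacy protocol versions stay enabled; it also flags a redirect whose target is built from %{HTTP_HOST}. The expansion of "all", the function names and HARDENED_CONF are assumptions made for this example.

```python
# Assumption: "all" as expanded by a mod_ssl built on OpenSSL 1.0.1 or later;
# newer builds may add TLSv1.3 and leave SSLv3 out.
ALL = {"SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2"}
LEGACY = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.1"}
CANON = {p.lower(): p for p in ALL | LEGACY | {"TLSv1.3"}}

def effective_protocols(value):
    """Evaluate an SSLProtocol value token by token, left to right."""
    enabled = set()
    for token in value.split():
        sign = token[0] if token[0] in "+-" else ""
        name = token[len(sign):].lower()
        group = ALL if name == "all" else {CANON.get(name, name)}
        if sign == "-":
            enabled = enabled - group
        elif sign == "+":
            enabled = enabled | group
        else:  # a bare token replaces whatever was set before it
            enabled = set(group)
    return enabled

def audit(conf):
    """Return findings for the TLS-related directives in an Apache config text."""
    findings = []
    for line in conf.splitlines():
        words = line.split()
        directive = words[0].lower() if words else ""
        if directive == "sslprotocol":
            weak = sorted(effective_protocols(" ".join(words[1:])) & LEGACY)
            if weak:
                findings.append("SSLProtocol still enables " + ", ".join(weak))
        elif directive == "rewriterule" and "%{HTTP_HOST}" in line:
            findings.append("redirect target copies the request's Host header")
    return findings

# The two directives from the page's devops.conf that the audit looks at.
PAGE_CONF = """
RewriteRule ^(/.*)$ https://%{HTTP_HOST}$1 [redirect=301]
SSLProtocol all -SSLv2 -SSLv3
"""
# Constructed tighter variant (not from the page): fixed host, TLS 1.2 only.
HARDENED_CONF = """
Redirect permanent / https://devopslanka.com/
SSLProtocol -all +TLSv1.2
"""

if __name__ == "__main__":
    for label, conf in (("page", PAGE_CONF), ("hardened", HARDENED_CONF)):
        print(label, audit(conf) or "no findings")
```

Run against the page's directives it reports TLSv1 and TLSv1.1 as still enabled and the Host-derived redirect; the constructed variant produces no findings.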
See you in Part 5
Have a Good Day
Sameera Dissanayaka