- A Cloud Guru
Web Services: Configuring a Web Server for HTTPS on Apache
One of the first steps to securing any website should be to enable SSL encryption. Whether you sign your own certificate or purchase one from a third-party, the configuration is the same, and some steps are similar. This lab will allow you to practice and learn those steps and configurations.
Table of Contents
Generate signing request and key, and sign the Certificate
- First, we should elevate to root:
- Now we should navigate somewhere to store these certificates. We could just use the default location, but I prefer keeping the certificates with the application they're protecting.
cd /etc/httpd/conf/ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr
This will ask a lot of questions about where the certificate is being used. For a self-signed certificate in a temporary lab environment, just accept the default. In a production environment, you should fill all the information out.
- Now we sign the request:
openssl x509 -req -in server.csr -signkey server.key -out server.crt
With that done, we need to set up Apache.
- First, we should install the required module:
yum install mod_ssl -y
- Edit the SSL configuration file to set the location of the
- Make sure we have an HTML file to serve:
cd /var/www/html echo "This is SSL" > index.html
- Restart Apache:
systemctl restart httpd
- Verify that everything is being served correctly:
curl https://localhost curl https://localhost -k
Remember, the error you receive on the first
curlis because we're using a self-signed certificate. If that's the only error (verified by the second
curl), then you've completed the steps correctly, and you're done!
What's a lab?
Hands-on Labs are real environments created by industry experts to help you learn. These environments help you gain knowledge and experience, practice without compromising your system, test without risk, destroy without fear, and let you learn from your mistakes. Hands-on Labs: practice your skills before delivering in the real world.