One of the first steps to securing any website should be to enable SSL encryption. Whether you sign your own certificate or purchase one from a third-party, the configuration is the same, and some steps are similar. This lab will allow you to practice and learn those steps and configurations.
Learning Objectives
Successfully complete this lab by achieving the following learning objectives:
- Generate signing request and key, and sign the Certificate
First, we should elevate to root:
sudo -iNow we should navigate somewhere to store these certificates. We could just use the default location, but I prefer keeping the certificates with the application they’re protecting.
cd /etc/httpd/conf/ openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csrThis will ask a lot of questions about where the certificate is being used. For a self-signed certificate in a temporary lab environment, just accept the default. In a production environment, you should fill all the information out.
- Now we sign the request:
openssl x509 -req -in server.csr -signkey server.key -out server.crt
With that done, we need to set up Apache.
- Configure Apache
First, we should install the required module:
yum install mod_ssl -yEdit the SSL configuration file to set the location of the
SSLCertificateFileandSSLCertificateKeyFile:vim /etc/httpd/conf.d/ssl.confMake sure we have an HTML file to serve:
cd /var/www/html echo "This is SSL" > index.htmlRestart Apache:
systemctl restart httpdVerify that everything is being served correctly:
curl https://localhost curl https://localhost -k
Remember, the error you receive on the first
curlis because we’re using a self-signed certificate. If that’s the only error (verified by the secondcurl), then you’ve completed the steps correctly, and you’re done!
