How to Enable SSL for Apache on CentOS / RHEL?

Here is a short note on how to configure Apache to use a certificate file for SSL, that is, how to enable HTTPS in the Apache httpd server. After you enable SSL in the web server configuration, you should be able to access the application over https.

 

Install The mod_ssl Plugin

 

1. Make sure that mod_ssl is installed.

# rpm -qa | grep mod_ssl

 

2. If mod_ssl is not installed, install it using yum:

# yum install mod_ssl

 

Edit SSL Certificate And Keys

 

1. Edit /etc/httpd/conf.d/ssl.conf to set the server name and the paths of the SSL certificate and key files. The parameters to be edited are:

a. ServerName

b. SSLCertificateFile

c. SSLCertificateKeyFile

 

# vi /etc/httpd/conf.d/ssl.conf
# ServerName www.example.com:443 
SSLCertificateFile /etc/pki/tls/certs/localhost.crt 
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

 

Here,

– The ServerName must match the Common Name (CN) of the SSL certificate, or client browsers will get a “domain mismatch” message. To view the certificate Common Name (CN):

# openssl x509 -noout -text -in localhost.crt | grep CN

 

– The SSLCertificateKeyFile is the private key that corresponds to the public key in the certificate.

 

– Verify that the Listen directive in ssl.conf is correct for your setup. For example, if an IP address is specified, it needs to match the IP address the httpd service is bound to.
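One way to check the ServerName and key-file conditions described above before restarting httpd, as an added example that is not part of the original article. The function names and the throwaway www.example.com pair it generates are assumptions made for the demonstration; openssl's -checkhost checks subjectAltName DNS entries and falls back to the CN when there are none.

```shell
#!/bin/sh
# Added example: sanity checks for the files named in ssl.conf before restarting httpd.
# Function names are hypothetical; they wrap standard openssl subcommands.

# Succeeds only when the private key ($2) belongs to the certificate ($1):
# the public key derived from each file must be identical.
cert_matches_key() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 2
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only when the certificate ($1) is valid for host name ($2).
# Pass the ServerName without its :443 port suffix.
cert_covers_name() {
    openssl x509 -noout -checkhost "$2" -in "$1" 2>/dev/null |
        grep -q 'does match certificate'
}

# Runs both checks and reports the first failure.
check_ssl_files() {
    cert_matches_key "$1" "$2" ||
        { echo "FAIL: $2 is not the private key for $1"; return 1; }
    cert_covers_name "$1" "$3" ||
        { echo "FAIL: $1 is not valid for $3"; return 1; }
    echo "OK: $1 and $2 are consistent for $3"
}

# Constructed sample input: a throwaway self-signed pair for www.example.com.
make_sample_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.example.com" \
        -keyout "$1/sample.key" -out "$1/sample.crt" >/dev/null 2>&1
}

tmp=$(mktemp -d)
make_sample_pair "$tmp"
check_ssl_files "$tmp/sample.crt" "$tmp/sample.key" www.example.com
```

On a real server, call check_ssl_files with the SSLCertificateFile and SSLCertificateKeyFile paths from ssl.conf and the host part of ServerName.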

 

Restart the Apache web server

 

For the changes to take effect we must restart the Apache web server.

 

For CentOS/RHEL 5,6

# service httpd restart

 

For CentOS/RHEL 7

# systemctl restart httpd.service

 

Verify SSL connectivity from the command line

 

There are several tools available to test the SSL connectivity. Depending on what needs to be tested, use any of the methods described below.

 

1. OpenSSL s_client

Use ‘openssl s_client -connect TARGET:PORT’ to test and troubleshoot SSL/TLS connections to a target server. To test a web server on the standard port:

# openssl s_client -connect www.example.com:443

 

2. cURL

This tool is often the first choice as it allows you to quickly change between the http and https protocols.

# curl --head https://www.example.com

 
