Setting up SSL in CentOS

1. Getting the required software
yum install mod_ssl openssl  

2. Generate a self-signed certificate 

Generate private key 
openssl genrsa -out ca.key 1024 

Generate CSR (Fill up the prompt info accordingly) 
openssl req -new -key ca.key -out ca.csr 

Generate Self Signed Key 
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt 

3. Move the generated files to correct locations 

mv ca.crt /etc/pki/tls/certs 
mv ca.key /etc/pki/tls/private/ca.key 
mv ca.csr /etc/pki/tls/private/ca.csr 

4. Update the Apache SSL config file 

vi +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf 

and set Certificate Key and Key File stored location 
  
SSLCertificateFile /etc/pki/tls/certs/ca.crt 
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

5. Restart your apache service 

service httpd restart 

If apache service failed with the following error,

Stopping httpd: [FAILED] 
Starting httpd: Syntax error on line 112 of /etc/httpd/conf.d/ssl.conf: SSLCertificateFile: file '/etc/pki/tls/certs/ca.crt' does not exist or is empty [FAILED] 

Run the following commands to fix it.

chcon --reference=/etc/pki/tls/certs/ca-bundle.crt /etc/pki/tls/certs/ca.crt 
chcon --reference=/etc/pki/tls/private/localhost.key /etc/pki/tls/private/ca.key 

6. Restart your apache service and you should be ok to proceed.

1 comments:

Thanks is working :)