Install your Certificates on Apache (OpenSSL)

By OK -
How to determine if OpenSSL and mod_ssl are installed on apache2

Usually, when you compile your apache2 server (or install it by packages facility stuff), you can check any directive that're available to be used by tapping this command:
~# $(which httpd) -L | grep SSL # on RHEL/CentOS/Fedora
~# $(which apache2) -L | grep SSL # on Ubuntu/Debian
If you don't see any SSL* directive, it means that you don't have apache2 with mod_ssl compiled.
For RHEL/CentOS/Fedora:
$ httpd -t -D DUMP_MODULES | grep ssl
ssl_module (shared)
For Ubuntu/Debian
$ apache2 -t -D DUMP_MODULES | grep ssl
ssl_module (shared)


----------------
Apache SSL Installation Instructions
Save the primary and intermediate certificates to a folder on the server with the private key.
Open the Apache configuration file in a text editor. Apache configuration files are usually found in /etc/httpd. The main configuration file is usually named httpd.conf. In most cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in a separate file in a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.
If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and change the port from port 80 to 443.
Add the lines in bold below.

 <VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/website
ServerName www.domain.com
SSLEngine on
SSLCertificateFile /etc/ssl/crt/primary.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/intermediate.crt
</VirtualHost> 

 Change the names of the files and paths to match your certificate files:
SSLCertificateFile should be your primary certificate file for your domain name.
SSLCertificateKeyFile should be the key file generated when you created the CSR.
SSLCertificateChainFile should be the intermediate certificate file (if any) that was supplied by your certificate authority
Save the changes and exit the text editor.
Restart your Apache web server using one of the following commands:
/usr/local/apache/bin/apachectl startssl

/usr/local/apache/bin/apachectl restart



For Apache v1.X
  1. Download the appropriate Intermediate Certificate(s) and save it in a text editor as intermediate.pem:
  2. Copy your SSL Certificate out of the order fulfilment e-mail (or log into your GlobalSign Certificate Center account and download it) and paste it into a text editor and save as mydomain.pem.
  3. Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
  4. Open your httpd.conf file (some installations keep the SSL section separately in the ssl.conf file) using a text editor, and locate the virtual host section for the site for which the SSL Certificate will secure.
    5. Your virtual host section will need to contain the following directives:
    • SSLCertificateChainFile – This will need to point to the appropriate Intermediate root CA certificates.
    • SSLCertificateFile – This will need to point to the end entity certificate (the one you have called “mydomain.crt”)
    • SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
  5. Save the changes to the file and quit the text editor
  6. Restart apache.
For Apache 2.X
  1. Download the appropriate GlobalSign root certificate and save it in a text editor as gs_root.pem:
  2. Download the appropriate Intermediate Certificate(s) and save it in a text editor as intermediate.pem:
  3. Copy your SSL Certificate out of the order fulfilment e-mail (or log into your GlobalSign Certificate Center account and download it) and paste it into a text editor and save as mydomain.crt.
  4. Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
  5. Open your httpd.conf file (some installations keep the SSL section separately in the ssl.conf file) using a text editor and locate the the virtual host section for the site for which the SSL Certificate will secure.
    • Your virtual host section will need to contain the following directives:
    • SSLCACertificateFile – This will need to point to the appropriate GlobalSign root CA certificate.
    • SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates you previously created in Step 1 above.
    • SSLCertificateFile – This will need to point to the end entity certificate (the one you have called "mydomain.crt")
    • SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
  6. Save the changes to the file and quit the text editor
  7. Restart apache.

-----------

Comments

Post a Comment

Popular posts from this blog

HAproxy logging

By OK -
ubuntu@ubuntu:/etc/haproxy$ cat /etc/rsyslog.d/haproxy.conf # Create an additional socket in haproxy's chroot in order to allow logging via # /dev/log to chroot'ed HAProxy processes $ModLoad imudp $UDPServerRun 514 local0.* -/var/log/haproxy-0.log local1.* -/var/log/haproxy-1.log ### keep logs in localhost ## $AddUnixListenSocket /var/lib/haproxy/dev/log ------------------- ubuntu@ubuntu:/etc/haproxy$ cat /etc/haproxy/haproxy.cfg global chroot /var/lib/haproxy user haproxy group haproxy log 127.0.0.1   local0         log 127.0.0.1   local1 notice daemon frontend www     bind 192.168.40.128:8282    # haproxy public IP     default_backend as-backend    # backend used backend as-backend    balance leastconn    mode http  server as1 192.168.40.128:8082 check    # application srv 1 defaults log global mode http option httplog option dontlognull         contimeout 5000    
Read more

tomcat catalina coyote jasper cluster

By OK -
Tomcat Component are Catalina Coyote Jasper Cluster Catalina :  Catalina is the name of the servlet container of Apache Tomcat since version 4.x. Tomcat implements Sun Microsystems' specifications for servlet and JavaServer Pages (JSP), which are important Java-based Web technologies. Tomcat's servlet container was redesigned as Catalina in Tomcat version 4.x. other components of the Tomcat engine are: Tomcat Jasper which converts the code portions within JavaServer Pages into servlets and pass them to Catalina to process. Tomcat Coyote which is an HTTP connector based on HTTP/1.1 specifications that receives and transmits web requests to the Tomcat engine by listening to a TCP/IP port and returns requests back to the requesting client. Coyote :  The Coyote JK Connector element represents a Connector component that communicates with a web connector via the JK protocol (also known as the AJP protocol). This is used for cases where you wish to invisibly integr
Read more

NFS mount add in fstab _netdev instead of default | firewall-cmd --list-all

By OK -
Redhat recommends us to add  _netdev  option for NFS file system in /etc/fstab. So that they can be mounted after starting the networking service. Alternative ways to refer to partitions: Label : LABEL=label Network ID Samba : //server/share NFS : server:/share SSHFS : sshfs#user@server:/share Device : /dev/sdxy (not recommended) Example #1 //192.168.1.134/share_name /mnt/share_name cifs username=server_user,password=server_password,_netdev 0 0 ^ Path to your share ^ Mountpoint ^ Username ^ Password ^ See note A Note A: The  _netdev  options makes sure the mount is only attempted AFTER a network connection has been established. Example #2 10.10.10.1:/vol1/fs1 /data nfs defaults,_netdev 0 0 ============================ [root@localhost ~]# firewall-cmd --list-all public   target: default   icmp-block-inversion: no   interfaces:   sources:   services: dhcpv6-client high-availability ssh   ports:   protocols:   masquera
Read more