Make sure the mod_ssl security module is installed and enabled so the Apache web server can use the OpenSSL library and toolkit:<\/p>\n\n\n\n
yum install mod_ssl openssl<\/pre>\n\n\n\nExecute the following commands:<\/p>\n\n\n\n
mkdir -p \/etc\/httpd\/ssl\/\nmv \/etc\/httpd\/conf.d\/ssl.conf \/etc\/httpd\/conf.d\/ssl.conf.bak \ncd \/etc\/httpd\/ssl\/<\/pre>\n\n\n\nGenerate SSL certificate signing request (CSR) files for your domains:<\/p>\n\n\n\n
openssl genrsa -out domain1.key 2048\nopenssl req -new -key domain1.key -out domain1.csr\n\nopenssl genrsa -out domain2.key 2048\nopenssl req -new -key domain2.key -out domain2.csr<\/pre>\n\n\n\nand enter the following details for your certificates:<\/p>\n\n\n\n
When prompted for the Common Name (i.e. domain name), enter the FQDN (fully qualified domain name) for the website you are securing.<\/p>\n\n\n\n
It is recommended to install commercial SSL certificates<\/a> when used in a production environment. Or, generate and use self-signed SSL certificates when you are just developing or testing a website or application using the following commands:<\/p>\n\n\n\n Edit the \u2018ssl.conf\u2019 Apache configuration file:<\/p>\n\n\n\n and add the following lines:<\/p>\n\n\n\n When using a commercial SSL certificate, it is likely the signing authority will include an intermediate CA certificate. In that case, create a new \u2018\/etc\/httpd\/ssl\/ca.crt\u2019 file and paste the contents of the Intermediate CA into it, then edit the the \u2018ssl.conf\u2019 configuration file and uncomment the following line:<\/p>\n\n\n\n so the Apache web server can find your CA certificate.<\/p>\n\n\n\n Test the Apache configuration:<\/p>\n\n\n\n Restart the Apache service for the changes to take effect:<\/p>\n\n\n\n Make sure the mod_ssl security module is installed and enabled so the Apache web server can use the OpenSSL library and toolkit: yum install mod_ssl openssl Execute the following commands: mkdir -p \/etc\/httpd\/ssl\/ mv \/etc\/httpd\/conf.d\/ssl.conf \/etc\/httpd\/conf.d\/ssl.conf.bak cd \/etc\/httpd\/ssl\/ Generate SSL … Continue reading openssl x509 -req -days 365 -in domain1.csr -signkey domain1.key -out domain1.crt\n\nopenssl x509 -req -days 365 -in domain2.csr -signkey domain2.key -out domain2.crt<\/pre>\n\n\n\n
vi \/etc\/httpd\/conf.d\/ssl.conf<\/pre>\n\n\n\n
LoadModule ssl_module modules\/mod_ssl.so\n\nListen 443\n\nNameVirtualHost *:443\n\nSSLPassPhraseDialog builtin\nSSLSessionCacheTimeout 300\nSSLMutex default\nSSLRandomSeed startup file:\/dev\/urandom 256\nSSLRandomSeed connect builtin\nSSLCryptoDevice builtin\nSSLStrictSNIVHostCheck off\n\n<VirtualHost *:443>\nDocumentRoot \/var\/www\/html\/domain1\nServerName domain1.com\nServerAlias www.domain1.com\nSSLEngine on\nSSLProtocol all -SSLv2\nSSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW\nSSLCertificateFile \/etc\/httpd\/ssl\/domain1.crt\nSSLCertificateKeyFile \/etc\/httpd\/ssl\/domain1.key\n#SSLCertificateChainFile \/etc\/httpd\/ssl\/ca.crt\nErrorLog logs\/ssl_error_log\nTransferLog logs\/ssl_access_log\nLogLevel warn\n<Files ~ \"\\.(cgi|shtml|phtml|php3?)$\">\n SSLOptions +StdEnvVars\n<\/Files>\nSetEnvIf User-Agent \".*MSIE.*\" \\\n nokeepalive ssl-unclean-shutdown \\\n downgrade-1.0 force-response-1.0\nCustomLog logs\/ssl_request_log \\\n \"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\\"%r\\\" %b\"\n<\/VirtualHost>\n\n<VirtualHost *:443>\nDocumentRoot \/var\/www\/html\/domain2\nServerName domain2.com\nServerAlias www.domain2.com\nSSLEngine on\nSSLProtocol all -SSLv2\nSSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW\nSSLCertificateFile \/etc\/httpd\/ssl\/domain2.crt\nSSLCertificateKeyFile \/etc\/httpd\/ssl\/domain2.key\n#SSLCertificateChainFile \/etc\/httpd\/ssl\/ca.crt\nErrorLog logs\/ssl_error_log\nTransferLog logs\/ssl_access_log\nLogLevel warn\n<Files ~ \"\\.(cgi|shtml|phtml|php3?)$\">\n SSLOptions +StdEnvVars\n<\/Files>\nSetEnvIf User-Agent \".*MSIE.*\" \\\n nokeepalive ssl-unclean-shutdown \\\n downgrade-1.0 force-response-1.0\nCustomLog logs\/ssl_request_log \\\n \"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \\\"%r\\\" %b\"\n<\/VirtualHost>\n<\/pre>\n\n\n\nSSLCertificateChainFile \/etc\/httpd\/ssl\/ca.crt<\/pre>\n\n\n\n
\/etc\/init.d\/httpd configtest\n\nSyntax OK<\/pre>\n\n\n\n
service httpd restart<\/pre>\n","protected":false},"excerpt":{"rendered":"