Apache HTTP Secure Server Configuration


Securing the Apache server is one of the most important tasks of the webmaster. This Apache HTTP Secure Server Configuration tutorial shows how to use SSL keys with the Apache web server on a CentOS 7 system. This method should also work on all Fedora or Red Hat based systems.

Create Certificates
Change to the following directory:
[root@server /]# cd /etc/pki/tls/certs
Run the following command to make the server key file:
[root@server certs]# make server.key
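Remove the passphrase from the private key. Apache can then start without prompting for it, but the key is stored unencrypted on disk, so keep the file readable by root only:
[root@server certs]# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key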
Generate the CSR file:
[root@server certs]# make server.csr
Self-sign the certificate with the server key and set its validity period in days:
[root@server certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1000
Signature ok
subject=/C=US/ST=AL/L=OLI/O=Hackthesec/OU=Hackthesec Tutorial/CN=server.hackthesec.co.in/emailAddress=info@hackthesec.co.in
Getting Private key
[root@server certs]#
Configure SSL keys with Apache
Install Apache and mod_ssl:
[root@server certs]# yum -y install httpd mod_ssl
Start and enable Apache:
[root@server certs]# systemctl start httpd.service
[root@server certs]# systemctl enable httpd.service

Configure '/etc/httpd/conf.d/ssl.conf'
Move the original file aside and create a new one:
[root@server certs]# mv /etc/httpd/conf.d/ssl.conf  /etc/httpd/conf.d/ssl.conf.orig

[root@server certs]# vi /etc/httpd/conf.d/ssl.conf
Your ssl.conf should look like this:
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName 127.0.0.1:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
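# Disable SSLv3 along with SSLv2, and allow only HIGH-strength ciphers
# without anonymous, MD5, RC4 or 3DES suites.
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:!aNULL:!MD5:!RC4:!3DES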
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

Save and exit.
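To check the SSLProtocol and SSLCipherSuite lines of a config file before restarting Apache, the following added example (not part of the original tutorial) reports settings that leave SSLv3 or weak cipher classes enabled. The helper name audit_ssl_conf and the sample input are constructed for illustration, and the cipher check is a keyword heuristic, not a full OpenSSL cipher-string evaluation.

```sh
#!/bin/sh
# Added example: report mod_ssl settings that leave SSLv3 or weak cipher
# classes enabled. audit_ssl_conf is a hypothetical helper name.

# audit_ssl_conf FILE -> one line per finding; exit status 1 if any found.
audit_ssl_conf() {
    awk '
    function report(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; found = 1 }

    /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines

    tolower($1) == "sslprotocol" {
        sslv3 = 0
        for (i = 2; i <= NF; i++) {
            t = tolower($i)
            if (t == "all" || t == "+all" || t == "sslv3" || t == "+sslv3") {
                sslv3 = 1
            } else if (t == "-all" || t == "-sslv3" || (t !~ /^[+-]/)) {
                sslv3 = 0               # removed, or replaced by a bare name
            }
        }
        if (sslv3) report("SSLProtocol leaves SSLv3 enabled")
    }

    tolower($1) == "sslciphersuite" {
        # Heuristic: only a "!" prefix removes a class for good, so any
        # other mention of a weak class keyword is reported.
        n = split($NF, tok, ":")
        for (i = 1; i <= n; i++) {
            if (tok[i] ~ /^!/) continue
            if (match(tok[i], /RC4|LOW|MEDIUM|EXP(ORT)?|[ae]?NULL|ADH|MD5|3DES/))
                report("SSLCipherSuite names " substr(tok[i], RSTART, RLENGTH) " without \"!\"")
        }
    }

    END { exit found + 0 }
    ' "$1"
}

# Constructed sample input, not taken from a real server.
sample=$(mktemp)
printf '%s\n' 'SSLProtocol all -SSLv2' \
    'SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW' > "$sample"
audit_ssl_conf "$sample" || echo "weak TLS settings found"
rm -f "$sample"
```

Run it as `audit_ssl_conf /etc/httpd/conf.d/ssl.conf`; no output and exit status 0 mean neither check fired.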
Restart Apache.
Check that ports 80 and 443 are listening:
[root@server certs]# netstat -tulpen | grep :80
[root@server certs]# netstat -tulpen | grep :443

Allow ports 80 and 443 through iptables:
[root@server certs]# vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
If you are using firewalld, run:
[root@server certs]# firewall-cmd --permanent --add-port=80/tcp
[root@server certs]# firewall-cmd --permanent --add-port=443/tcp
Then restart or reload the firewall:
[root@server certs]# service iptables restart
Or 
[root@server certs]# firewall-cmd --reload

Open a browser and check https://server.hackthesec.co.in

Certificate View

About Author:


I am a Linux Administrator and Security Expert. With this site I can help lots of people with Linux knowledge, and as a security expert I am also interested in hacking-related news.
