Linux Security: Working with OpenSSL and httpd

Install ‘mod_ssl’ on the host ‘webserver’

sudo yum install mod_ssl

Generate and sign the private key for ‘shop.example.com’ using ‘openssl’

openssl genrsa -aes128 -out /etc/pki/tls/private/httpdkey.pem
# You will get a prompt for a password 

openssl req -new -x509 -key /etc/pki/tls/private/httpdkey.pem -out /etc/pki/tls/certs/httpdcert.pem -days 365
# You will get a prompt for a password 

Update the default Apache virtual host to accept connections on ‘shop.example.com’ using the new keypair, and allow HTTPS traffic through the firewall.

Make the following changes to /etc/httpd/conf.d/ssl.conf:
At the end of the <VirtualHost _default_:443> section, add the following on a new line:ServerName shop.example.com:443

Find SSLCertificateFile /etc/pki/tls/certs/localhost.crt, and change it to the following:SSLCertificateFile /etc/pki/tls/certs/httpdcert.pem

Find SSLCertificateKeyFile /etc/pki/tls/private/localhost.key, and change it to the following:SSLCertificateKeyFile /etc/pki/tls/private/httpdkey.pem
systemctl restart httpd
sudo firewall-cmd --add-service=https --permanent 
sudo firewall-cmd --reload

Verify the configuration with ‘openssl’ from the host ‘workstation’

openssl s_client -connect shop.example.com:443 > /home/cloud_user/httpd_output