Apache HTTP Secure Server Configuration for CentOS 7

Securing the Apache server is one of the most important tasks of the webmaster. In this example, we will show you in this Apache HTTP Secure Server Configuration tutorialĀ  how to use ssl keys with your Apache web server on your installed Centos7 system. this method should also work onall Fedora or Redhat basedĀ  systems

LetsĀ  TellĀ  youĀ  aboutĀ  myĀ  machine :

centos7

Create Certificates

Change to the following directory:

# cdĀ /etc/pki/tls/certs

Run the following command to make server key file:

server2

Remove passphrase from private key:

Writing RSA key

# openssl rsa -in server.key -out server.key
Enter pass phrase for server.key:
writing RSA key

Ā 

Generate CSR key file

Server3-ssl

Sign the key and make Expiration days:

# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 1000
Signature ok
subject=/C=NL/ST=Amsterdam/L=Default City/O=Unixmen/OU=Unixmen Hosting/CN=storage-server.unixmen.com/emailAddress=Pirat9@unixmen.com
Getting Private key

server4-sslĀ 

Configure SSL keys with ApacheĀ 

# yum -y Ā install httpd mod_ssl

ssl-http

EnableĀ  en StartĀ  apache

http-ssl2

ConfigureĀ  ā€˜/etc/httpd/conf.d/ssl.confā€™

Your ssl.conf should be like this:

#mv /etc/httpd/conf.d/ssl.conf  /etc/httpd/conf.d/ssl.conf.orig
#vi /etc/httpd/conf.d/ssl.conf
LoadModule ssl_module modules/mod_ssl.so
Listen 443
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost *:443>
DocumentRoot "/var/www/html"
ServerName 127.0.0.1:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol all -SSLv2
SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM:+LOW
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
 SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
 SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
 nokeepalive ssl-unclean-shutdown \
 downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
 "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>

SaveĀ  and exit

Restart Apache Ā 

Check if Ā the ports 80 and Ā 443 are listening:

netstat-ssl

Allow the ports 80 and 443 via Iptables:

vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 80 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT
Reload  and  restart iptables

If you are usingĀ  FirewalldĀ  pleaseĀ  do :

firewall-cmd --permanent --add-port=80/tcp
firewall-cmd --permanent --add-port=443/tcp

And reload the firewalls :

service iptables restart
Or 
firewall-cmd --reload

Restart ip tables:

Open the browser and Check Ā https://IP-Address.

Ip-ssl

certficate-ssl

 

Enjoy