Archive for May, 2013

How to enable HTTPS on your web server

Enabling HTTPS encrypts the connection between the user's browser and the server, so data passing back and forth cannot be read by third parties who intercept it. This is particularly useful for data collection and login processes.

  1. Create a new directory and go there to work:
    mkdir /root/Certs ; cd $_
  2. Create a CA key or import the EWEA CA key. If creating one from scratch, use:
    openssl genrsa -out ca.key 2048
  3. Generate a Certificate Signing Request (CSR):
    openssl req -new -key ca.key -out ca.csr
  4. Self-sign the CSR with the same key to create the certificate for the local machine:
    openssl x509 -req -days 3650 -in ca.csr -signkey ca.key -out <servername>.crt
  5. Create the following folders if they don’t exist:
    mkdir -p /etc/httpd/ssl/certs /etc/httpd/ssl/private
  6. Copy the certificate and the key files to the following folders:
    cp -a <servername>.crt /etc/httpd/ssl/certs/ ; cp -a ca.* /etc/httpd/ssl/private/
  7. Edit the Apache config to use the new certificate:
    vi /etc/httpd/conf.d/ssl.conf
  8. Find and edit these two lines:
    SSLCertificateFile /etc/httpd/ssl/certs/<servername>.crt
    SSLCertificateKeyFile /etc/httpd/ssl/private/ca.key
  9. Make sure the firewall accepts new TCP connections on port 443. Open the rules file and add this line if it is missing:
    vi /etc/sysconfig/iptables
    -A INPUT -p tcp -m tcp --dport 443 -m state --state NEW -j ACCEPT
  10. Restart the firewall and Apache:
    service iptables restart && service httpd restart
  11. Go to https://<servername> and see if it works!
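
A pre-flight check to run before step 10, as an added example that is not part of the original post: it confirms that the certificate and key named in ssl.conf belong together, that the key file is accessible to its owner only, and that the certificate is not about to expire. The function names and the scratch-directory sample (subject /CN=server.example) are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files named in ssl.conf.
# Function names and the sample subject are illustrative assumptions.

# 0 if the certificate's public key is the one derived from the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# 0 if group and others have no permissions at all on the key file.
key_is_owner_only() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# 0 if the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample: repeat steps 2-4 in a scratch directory, plus an unrelated key.
make_sample() {
    SAMPLE=$(mktemp -d) || return 1
    openssl genrsa -out "$SAMPLE/ca.key" 2048 2>/dev/null
    openssl req -new -key "$SAMPLE/ca.key" -subj "/CN=server.example" \
        -out "$SAMPLE/ca.csr" 2>/dev/null
    openssl x509 -req -days 3650 -in "$SAMPLE/ca.csr" -signkey "$SAMPLE/ca.key" \
        -out "$SAMPLE/server.crt" 2>/dev/null
    openssl genrsa -out "$SAMPLE/other.key" 2048 2>/dev/null
    chmod 600 "$SAMPLE/ca.key"      # owner-only, as a private key should be
    chmod 644 "$SAMPLE/other.key"   # deliberately too open, to show the failing case
}

make_sample || exit 1
for key in ca.key other.key; do
    if cert_matches_key "$SAMPLE/server.crt" "$SAMPLE/$key"; then m=match; else m=MISMATCH; fi
    if key_is_owner_only "$SAMPLE/$key"; then p=owner-only; else p=TOO-OPEN; fi
    echo "$key: $m, $p"
done
cert_valid_for_days "$SAMPLE/server.crt" 30 && echo "server.crt: valid for 30+ days"
```

On the server itself, call the three functions with /etc/httpd/ssl/certs/<servername>.crt and /etc/httpd/ssl/private/ca.key instead of the scratch files.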

 

More information here:

wiki.centos.org/HowTos/Https
www.digitalocean.com/community/articles/how-to-create-a-ssl-certificate-on-apache-for-centos-6

Multiple virtual hosts examples here:

http://www.digicert.com/ssl-support/apache-multiple-ssl-certificates-using-sni.htm

 

EWEA Official Certificate Authority (CA) Key

