attiquer
10/12/2018 - 9:42 AM

Install & configure SSL

Guide for Centos with Apache 2.2.4 or greater

Install & configure SSL on Apache, Cent OS
Firstly install mod_ssl on server
yum install mod_ssl

o	Generate a CSR and Private Key
NOTE: place certificate files under  /etc/ssl/certs/sub-dir as it's enforced by SELinux).

o	Issue command 
openssl req -newkey rsa:2048 -nodes -keyout prostatitis2000.org.key -out www.prostatitis2000.org.csr 

– note www, if for non w, leave it out
o	Answer the questions and at the end it will generate a .key and a .csr file. Open .csr file and copy contents and use in the ssl certificate provider e.g. Godaddy to generate certificate
o if Getting error in validation .csr file/content you can use a tool such as https://sslretail.com/csr-generator/ to generate .csr files
o	Download certificate, zip file should contain 2 .crt files, one example.com.crt and other something like gd_bundle-g2-1.crt 
o	Rename gd_bundle-g2-1.crt to intermediate.crt

Install on the server
o	Place these certificates in the same directory as csr files /home/SSL
o	Find your virtual host file usually in /etc/httpd/sites-available
o	Vim it and replace contents with 
<VirtualHost *:443>
    ServerName www.example.com
    ServerAlias example.com
        DocumentRoot /var/www/vhosts/example.com/htdocs
        SSLEngine on
        SSLCertificateFile /home/virtue/SSL/example.com.crt
        SSLCertificateKeyFile /home/virtue/SSL/example.com.key
        SSLCertificateChainFile /home/virtue/SSL/intermediate.crt
<Directory /var/www/vhosts/example.com/htdocs>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
</VirtualHost>

o	Issue command sytemctl restart httpd
o	Test the ssl
o	Now to redirect http to https add below to the top of the virtual host file
<VirtualHost *:80>
    ServerName example.com
    ServerAlias www.example.com
        DocumentRoot /var/www/vhosts/example.com/htdocs
        Redirect Permanent / https://www.example.com/
</VirtualHost>

o	Restart apache and test