[LINUX] How to enable SSL (TLS) in Apache


I tried to summarize how to enable SSL (TLS) in Apache 2.4 using a self-signed certificate (the so-called "oreore" certificate). Of course, this method cannot be used in a production environment, but I think it is useful when studying on a home server or in a development environment.

Environment used for testing

The hardware is not directly related to this procedure, but I have included it just in case.

Prerequisite settings

  1. Apache is installed.
  2. Apache is ready to start.
  3. SELinux is stopped and disabled.

Steps to enable SSL (TLS)

1. Installation of software required for HTTPS communication

[root@akagi ~]# yum install openssl
[root@akagi ~]# yum install mod_ssl

2. Move to working folder

[root@akagi ~]# cd /etc/pki/tls/certs/

3. Creating a private key

[root@akagi certs]# openssl genrsa > server.key
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)

4. Creating a certificate signing request (CSR, which carries the public key)

[root@akagi certs]# openssl req -new -key server.key > server.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [XX]:JP
State or Province Name (full name) []:Tokyo
Locality Name (eg, city) [Default City]:Chiyoda
Organization Name (eg, company) [Default Company Ltd]:XYZ Company
Organizational Unit Name (eg, section) []:Development Dept.
Common Name (eg, your name or your server's hostname) []:
Email Address []:[email protected]
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

5. Creating a server certificate (self-signed certificate)

[root@akagi certs]# openssl x509 -req -signkey server.key < server.csr > server.crt
Signature ok
subject=/C=JP/ST=Tokyo/L=Chiyoda/O=XYZ Company/OU=Development Dept./CN=[email protected]
Getting Private key

6. Copy of private key

[root@akagi certs]# cp -a server.key ../private/

7. Modify ssl.conf

In each pair of lines below, the first line is the stock setting, shown commented out, and the second is its replacement.

★ Change the server name
ServerName www.example.com:443
★ Support TLS 1.2 or later
#SSLProtocol all -SSLv2 -SSLv3
SSLProtocol +TLSv1.2
★ Certificate path
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/server.crt
★ Private key path
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/certs/server.key

8. Restart Apache

[root@akagi certs]# systemctl restart httpd
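
A check worth running before the restart in step 8: confirm that the certificate and key named in ssl.conf belong together, that the certificate has not expired, and that the key is not readable by other users. This is an added example, not part of the original article; the function names, the CN dev.example.test and the temporary directory are assumptions, and the demo works only on constructed files.

```sh
#!/bin/sh
# Added example, not from the original article. The CN and the throwaway
# directory are constructed; nothing under /etc is touched.

# Steps 3-5 without prompts: the article's openssl subcommands, with
# -subj standing in for the interactive Distinguished Name questions.
make_selfsigned() {   # usage: make_selfsigned DIR CN
    ( umask 077       # files are created mode 600, key included
      openssl genrsa 2048 > "$1/server.key" 2>/dev/null &&
      openssl req -new -key "$1/server.key" -subj "/C=JP/CN=$2" \
          > "$1/server.csr" &&
      openssl x509 -req -signkey "$1/server.key" \
          < "$1/server.csr" > "$1/server.crt" 2>/dev/null )
}

# Check for step 7: are the files named by SSLCertificateFile and
# SSLCertificateKeyFile a usable pair? Prints findings, returns 0 if so.
check_pair() {        # usage: check_pair CERT KEY
    rc=0
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $2 is not the private key for $1"; rc=1
    fi
    if ! openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $1 is expired or unreadable"; rc=1
    fi
    # Characters 5-10 of the ls mode string are the group/other bits.
    if [ "$(ls -ld "$2" | cut -c5-10)" != "------" ]; then
        echo "FAIL: $2 is accessible to group or others"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 match"
    return "$rc"
}

# Demo on constructed files: a matching pair, then a key generated
# separately, as happens when only one of the two paths is updated.
tmp=$(mktemp -d)
make_selfsigned "$tmp" dev.example.test
check_pair "$tmp/server.crt" "$tmp/server.key"
( umask 077; openssl genrsa 2048 > "$tmp/other.key" 2>/dev/null )
check_pair "$tmp/server.crt" "$tmp/other.key" || true
rm -rf "$tmp"
```

On the server itself, call check_pair with the two paths set in ssl.conf.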

State after work


