Apache httpd : Configure SSL/TLS2014/07/23 |
|
Configure SSL/TLS to use secure encrypt HTTP connection.
|
|
| [1] | |
| [2] | Configure httpd for SSL/TLS. |
|
[root@www ~]#
yum -y install mod_ssl
[root@www ~]#
vi /etc/httpd/conf.d/ssl.conf # line 59: uncomment DocumentRoot "/var/www/html" # line 60: uncomment and specify the server name ServerName www.srv.world:443
# line 75: change SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2
# line 100: change to the one got in [1] SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem
# line 107: change to the one got in [1] SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem
# line 116: change to the one got in [1] SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem
systemctl restart httpd |
| [3] | If you'd like to set HTTP connection to redirect to HTTPS (Always on SSL/TLS), configure each Virtualhost like follows. It's OK to set it in [.htaccess] not in httpd.conf. |
|
[root@www ~]#
vi /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName www.srv.world
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>
[root@www ~]# systemctl restart httpd |
| [4] | If Firewalld is running, allow HTTPS service. HTTPS uses 443/TCP. |
|
[root@www ~]# firewall-cmd --add-service=https --permanent success [root@www ~]# firewall-cmd --reload success |
| [5] | Verify possible accessing or not with HTTPS from any Client Computer. |
|
Matched Content