https

How SSL works with Apache

For Apache to serve https requests, these three steps are followed:

A private key is generated for Apache, and a .csr file (certificate signing request) is created from that private key.
The .csr file is then sent to the CA (Certificate Authority).
The CA takes the .csr file, converts it into a .crt (certificate), and sends that .crt file back so that Apache can secure and complete https connection requests.

[root@openstack ~]# yum install openssl openssl-devel -y

[root@openstack ~]# mkdir linuxmadeeasy

[root@openstack ~]# cd linuxmadeeasy/

[root@openstack linuxmadeeasy]#

[root@openstack linuxmadeeasy]# openssl genrsa -out ./linumadeeasy.in.key 2048
Generating RSA private key, 2048 bit long modulus
……………………………………………..+++
……………………………………………………………………………………….+++
e is 65537 (0x10001)

[root@openstack linuxmadeeasy]# openssl req -new -sha256 -key ./linumadeeasy.in.key -out ./linumadeeasy.in.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TELANGANA
Locality Name (eg, city) [Default City]:HYDERABAD
Organization Name (eg, company) [Default Company Ltd]:RAFISOFTWARESOLUTIONS
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:linuxmadeeasy.in
Email Address []:MOHAMMEDRAFI494@GMAIL.COM

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

[root@openstack linuxmadeeasy]# cat linumadeeasy.in.csr 
-----BEGIN CERTIFICATE REQUEST-----
MIIC7TCCAdUCAQAwgacxCzAJBgNVBAYTAklOMRIwEAYDVQQIDAlURUxBTkdBTkEx
EjAQBgNVBAcMCUhZREVSQUJBRDEeMBwGA1UECgwVUkFGSVNPRlRXQVJFU09MVVRJ

-----END CERTIFICATE REQUEST-----

[root@openstack linuxmadeeasy]# openssl req -noout -text -in linumadeeasy.in.csr 
Certificate Request:
Data:
Version: 0 (0x0)
Subject: C=IN, ST=TELANGANA, L=HYDERABAD, O=RAFISOFTWARESOLUTIONS, OU=IT, CN=linuxmadeeasy.in/emailAddress=MOHAMMEDRAFI494@GMAIL.COM
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
Public-Key: (2048 bit)
Modulus:
Exponent: 65537 (0x10001)
Attributes:
a0:00
Signature Algorithm: sha256WithRSAEncryption

Copy the CSR and paste it into the request box on the SSL provider's portal. Once the certificate is signed, the provider will reply with the signed certificates.

Download the certificates and copy them to the server where you want to install the SSL certificates.

mohammedrafi@NOC-RAFI:~$ scp /home/mohammedrafi/Desktop/linuxmadeeasy_in.zip rafi@linuxmadeeasy.in:/home/rafi
rafi@linuxmadeeasy.in's password:
linuxmadeeasy_in.zip                                                                                           100% 6276     6.1KB/s   00:00

Log in to the server and check whether the files were copied.

[root@openstack linuxmadeeasy]# ls -l /home/rafi/
total 8
-rw-rw-r-- 1 rafi rafi 6276 Apr 14 04:28 linuxmadeeasy_in.zip

You can place your certificates wherever you want, but mention the same path in the config file.

[root@openstack linuxmadeeasy]# cp /home/rafi/linuxmadeeasy_in.zip /root/linuxmadeeasy/
[root@openstack linuxmadeeasy]# pwd
/root/linuxmadeeasy
[root@openstack linuxmadeeasy]# ls -l
total 16
-rw-r--r-- 1 root root 1090 Apr 14 03:53 linumadeeasy.in.csr
-rw-r--r-- 1 root root 1679 Apr 14 03:51 linumadeeasy.in.key
-rw-r--r-- 1 root root 6276 Apr 14 04:29 linuxmadeeasy_in.zip

[root@openstack linuxmadeeasy]# unzip linuxmadeeasy_in.zip
-bash: unzip: command not found

[root@openstack linuxmadeeasy]# yum provides unzip

[root@openstack linuxmadeeasy]# yum install unzip-6.0-15.el7.x86_64

[root@openstack linuxmadeeasy]# unzip linuxmadeeasy_in.zip
Archive:  linuxmadeeasy_in.zip
extracting: linuxmadeeasy_in.ca-bundle
extracting: linuxmadeeasy_in.crt

[root@openstack linuxmadeeasy]# ls -l
total 28
-rw-r--r-- 1 root root 1090 Apr 14 03:53 linumadeeasy.in.csr
-rw-r--r-- 1 root root 1679 Apr 14 03:51 linumadeeasy.in.key
-rw-rw-rw- 1 root root 4103 Feb 12  2014 linuxmadeeasy_in.ca-bundle
-rw-rw-rw- 1 root root 1907 Apr 14 00:00 linuxmadeeasy_in.crt
-rw-r--r-- 1 root root 6276 Apr 14 04:29 linuxmadeeasy_in.zip
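
An added example, not part of the original post: before the files are referenced in httpd.conf, it is worth confirming that the signed certificate carries the same public key as the private key and CSR generated earlier, that it chains through the CA bundle, and that the key is readable only by its owner. The function names (pubkey_hash, check_tls_files, make_sample_set) and the optional ROOTS argument are hypothetical; only the openssl command line is assumed.

```shell
# Added example (not the post's own code): consistency checks on the key, CSR,
# certificate and CA bundle before httpd.conf references them.

# SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() (  # usage: pubkey_hash key|csr|crt FILE
  case "$1" in
    key) pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *) pem= ;;
  esac
  [ -n "$pem" ] || exit 1  # unreadable file or wrong type
  printf '%s\n' "$pem" | openssl pkey -pubin -outform DER 2>/dev/null |
    openssl dgst -sha256 | awk '{print $NF}'
)

# usage: check_tls_files KEY CSR CRT CA_BUNDLE [ROOTS]
# ROOTS (assumed optional argument) is a trust-anchor file; omit it to use the system store.
check_tls_files() (
  key=$1 csr=$2 crt=$3 bundle=$4 roots=$5 fail=0
  k=$(pubkey_hash key "$key") || k=unreadable-key
  r=$(pubkey_hash csr "$csr") || r=unreadable-csr
  c=$(pubkey_hash crt "$crt") || c=unreadable-crt
  [ "$k" = "$r" ] || { echo "FAIL: $csr was not created from $key"; fail=1; }
  [ "$k" = "$c" ] || { echo "FAIL: $crt does not match $key"; fail=1; }
  # The bundle holds the intermediates, so it is passed as -untrusted.
  openssl verify ${roots:+-CAfile "$roots"} -untrusted "$bundle" "$crt" \
    >/dev/null 2>&1 || { echo "FAIL: $crt does not chain to a trusted root"; fail=1; }
  # Characters 5-10 of the ls mode string are the group/other bits.
  [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
    { echo "FAIL: $key is accessible beyond its owner (chmod 600)"; fail=1; }
  [ "$fail" -eq 0 ] && echo "OK: key, CSR, certificate and chain are consistent"
  exit "$fail"
)

# Constructed sample set (throwaway CA, not the post's files) for a dry run.
make_sample_set() (  # usage: make_sample_set DIR
  cd "$1" || exit 1
  openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.crt \
    -subj "/CN=Constructed Test CA" -days 2 2>/dev/null
  openssl genrsa -out site.key 2048 2>/dev/null && chmod 600 site.key
  openssl req -new -sha256 -key site.key -subj "/CN=linuxmadeeasy.in" -out site.csr
  openssl x509 -req -in site.csr -CA ca.crt -CAkey ca.key -CAcreateserial \
    -days 2 -out site.crt 2>/dev/null
)
```

With the files from this walkthrough the call would be check_tls_files linumadeeasy.in.key linumadeeasy.in.csr linuxmadeeasy_in.crt linuxmadeeasy_in.ca-bundle, run from /root/linuxmadeeasy. The listing above shows the key as -rw-r--r--, so the permission check reports it until the mode is tightened.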

[root@openstack linuxmadeeasy]# cat linuxmadeeasy_in.crt 

[root@openstack linuxmadeeasy]# cat linuxmadeeasy_in.ca-bundle 

[root@openstack ~]# rpm -qa mod_ssl

[root@openstack ~]# yum install mod_ssl

[root@openstack ~]# rpm -qa mod_ssl
mod_ssl-2.4.6-40.el7.centos.x86_64

[root@openstack linuxmadeeasy]# cat >> /etc/httpd/conf/httpd.conf
<VirtualHost *:443>
     SSLEngine On
     # Server certificate and its private key
     SSLCertificateFile /root/linuxmadeeasy/linuxmadeeasy_in.crt
     SSLCertificateKeyFile /root/linuxmadeeasy/linumadeeasy.in.key
     # Intermediate CA certificates sent to clients with the server certificate
     SSLCertificateChainFile /root/linuxmadeeasy/linuxmadeeasy_in.ca-bundle

     ServerName www.linuxmadeeasy.in
     DocumentRoot /var/www/html/
     DirectoryIndex sample.html
</VirtualHost>

[root@openstack linuxmadeeasy]# httpd -t
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::f816:3eff:fe6b:56a8. Set the 'ServerName' directive globally to suppress this message
Syntax OK

[root@openstack linuxmadeeasy]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      692/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1809/sendmail: acce
tcp6       0      0 :::80                   :::*                    LISTEN      12505/httpd         
tcp6       0      0 :::22                   :::*                    LISTEN      692/sshd

[root@openstack linuxmadeeasy]# service httpd restart
Redirecting to /bin/systemctl restart  httpd.service

[root@openstack linuxmadeeasy]# netstat -tlpn
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      692/sshd
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      1809/sendmail: acce
tcp6       0      0 :::80                   :::*                    LISTEN      15695/httpd
tcp6       0      0 :::22                   :::*                    LISTEN      692/sshd
tcp6       0      0 :::443                  :::*                    LISTEN      15695/httpd 

Open a browser and check your web page at https://www.linuxmadeeasy.in/


You can cross-check the authority that signed the certificate.
That's it for SSL web creation.