Here is how to generate your own self-signed SSL certificate for internal use. Nowadays any website or internal web service needs to be set up with an SSL certificate.
What is SSL?
In general terms, SSL provides another layer of security by encrypting your data as it travels over the internet. SSL (Secure Sockets Layer) is a standard security protocol that encrypts communication between a web server and a browser.
Without an SSL certificate, a web server using plain HTTP sends sensitive data such as user names and passwords, or bank details like credit card information, in plain text.
Self-Signed SSL Certificate in Linux
SSL certificates are normally issued by a Certificate Authority. You can also generate your own, but a self-signed certificate is for internal use only, not for external or public internet services.
Install Webserver services
# yum install httpd* mod_ssl
After the Apache/HTTPD packages are installed, enable and start the web server service using the commands below:
# systemctl enable httpd.service
# systemctl start httpd.service
Enable firewall ports to allow the HTTP and HTTPS protocols
# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload
Generate Self-Signed SSL Certificate
To generate a self-signed SSL certificate, follow the steps below on Linux RHEL 7 or CentOS 7:
$ sudo openssl req -new > certificate.csr
Generating a 2048 bit RSA private key
....................................................+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) :Telangana
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Server Computer
Organizational Unit Name (eg, section) :IT
Common Name (eg, your name or your server's hostname) :server-computer.local
Email Address :
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password :redhat
An optional company name :server computer
$ ls
certificate.csr privkey.pem
Now generate the .key file from the .pem file using the command below:
$ openssl rsa -in privkey.pem -out keyfile.key
Enter pass phrase for privkey.pem:
writing RSA key
The final step is to create the cert file:
$ openssl x509 -in certificate.csr -out cert.cert -req -signkey keyfile.key -days 365
Signature ok
subject=/C=IN/ST=Telangana/L=Hyderabad/O=Server Computer/OU=IT/CN=server-computer.local
Getting Private key
Secure SSL Certificates
To keep anyone else from accessing them, move the certificate and key to a secure location and change their permissions:
$ mkdir -p /etc/pki/tls/private/
$ mkdir -p /etc/pki/tls/certs/
$ mv cert.cert /etc/pki/tls/certs/server.crt
$ mv keyfile.key /etc/pki/tls/private/server.key
Now write the SSL config and enable HTTPS communication
# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
    ServerAdmin root@localhost
    ServerName server-computer.local
    DocumentRoot /var/www/html
    SSLEngine on
    SSLProtocol all -SSLv2 -SSLv3
    SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
    SSLHonorCipherOrder on
    SSLCertificateFile /etc/pki/tls/certs/server.crt
    SSLCertificateKeyFile /etc/pki/tls/private/server.key
</VirtualHost>
Ensure the above parameters are enabled in the ssl.conf file. Restart the HTTP/Apache web server service.
Add a host entry in /etc/hosts and check the syntax:
# httpd -t
Now access your web server using https://url. That's it: you have successfully generated a self-signed SSL certificate and configured the web server.
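A check to run on the installed pair before restarting httpd, as an added example that is not part of the original post: the function `check_tls_pair` (a hypothetical name) verifies that the private key is accessible only to its owner, that it matches the certificate, that the certificate is not about to expire, and that its CN equals the ServerName. It assumes GNU `stat` and the `openssl` CLI; the 30-day threshold is an arbitrary choice.

```shell
#!/bin/sh
# Added example (not from the original post). check_tls_pair is a hypothetical helper.
# Usage: ./check_tls_pair.sh CERT KEY HOSTNAME
# Prints one line per check; returns 0 only if every check passes.
check_tls_pair() {
    cert=$1; key=$2; host=$3; rc=0
    if [ ! -r "$cert" ] || [ ! -r "$key" ]; then
        echo "FAIL: cannot read $cert or $key"; return 2
    fi

    # 1. The private key must not be accessible to group or others.
    mode=$(stat -c '%a' "$key")          # GNU stat, e.g. "600"
    case $mode in
        [0-7]00) echo "ok: key mode is $mode" ;;
        *) echo "FAIL: key mode is $mode, run: chmod 600 $key"; rc=1 ;;
    esac

    # 2. Certificate and key must contain the same public key.
    #    -passin pass: makes an encrypted key fail instead of prompting.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$key" -passin pass: -pubout 2>/dev/null)
    if [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]; then
        echo "ok: key matches certificate"
    else
        echo "FAIL: key does not match certificate"; rc=1
    fi

    # 3. The certificate must still be valid 30 days from now (assumed threshold).
    if openssl x509 -in "$cert" -noout -checkend 2592000 >/dev/null 2>&1; then
        echo "ok: certificate valid for at least 30 more days"
    else
        echo "FAIL: certificate expires within 30 days"; rc=1
    fi

    # 4. The subject CN must equal the ServerName in ssl.conf.
    #    RFC2253 output lists CN first: subject=CN=host,OU=...,C=...
    subj=$(openssl x509 -in "$cert" -noout -subject -nameopt RFC2253 2>/dev/null)
    case $subj in
        *"CN=$host",*|*"CN=$host") echo "ok: CN is $host" ;;
        *) echo "FAIL: CN is not $host ($subj)"; rc=1 ;;
    esac
    return $rc
}

# Run the check only when called with the three arguments.
if [ "$#" -eq 3 ]; then check_tls_pair "$@"; fi
```

For the files in this guide, run it as root with `/etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key server-computer.local`.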
Thanks for your wonderful Support and Encouragement