{"id":1623,"date":"2018-02-12T16:28:32","date_gmt":"2018-02-12T23:28:32","guid":{"rendered":"http:\/\/jim-zimmerman.com\/?p=1623"},"modified":"2018-02-12T16:28:32","modified_gmt":"2018-02-12T23:28:32","slug":"centos-7-certificate-for-apache-notes","status":"publish","type":"post","link":"https:\/\/jim-zimmerman.com\/?p=1623","title":{"rendered":"CentOS 7 – Certificate For Apache Notes."},"content":{"rendered":"

Generate a key and CSR:<\/p>\n

# openssl req -new -key ca.key -out ca.csr
\nYou are about to be asked to enter information that will be incorporated
\ninto your certificate request.
\nWhat you are about to enter is what is called a Distinguished Name or a DN.
\nThere are quite a few fields but you can leave some blank
\nFor some fields there will be a default value,
\nIf you enter ‘.’, the field will be left blank.
\n—–
\nCountry Name (2 letter code) [XX]:US
\nState or Province Name (full name) []:California
\nLocality Name (eg, city) [Default City]:Valencia
\nOrganization Name (eg, company) [Default Company Ltd]:GreatTechHelp
\nOrganizational Unit Name (eg, section) []:Information Systems
\nCommon Name (eg, your name or your server’s hostname) []:myhostname
\nEmail Address []:some@email.address<\/p>\n

Please enter the following ‘extra’ attributes
\nto be sent with your certificate request
\nA challenge password []:
\nAn optional company name []:<\/p><\/blockquote>\n

Files created:<\/p>\n

# ls
\nca.csr ca.key <\/p><\/blockquote>\n

Sign the key:<\/p>\n

# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
\nSignature ok
\nsubject=\/C=US\/ST=California\/L=Valencia\/O=GreatTechHelp\/OU=Information Systems\/CN=myhostname\/emailAddress=some@email.address
\nGetting Private key<\/p><\/blockquote>\n

Copy the certificate, key and csr files and set the permisions:<\/p>\n

# cp ca.crt \/etc\/pki\/tls\/certs\/
\n# cp ca.key \/etc\/pki\/tls\/private\/ca.key
\n# cp ca.csr \/etc\/pki\/tls\/private\/ca.csr
\n# chmod 600 \/etc\/pki\/tls\/certs\/
\n# chmod 600 \/etc\/pki\/tls\/private\/ca.key
\n# chmod 600 \/etc\/pki\/tls\/private\/ca.csr<\/p><\/blockquote>\n

Edit the apache configuration for the VirtualHost or site (Virtual host in this example.):<\/p>\n

# cd \/etc\/httpd\/conf.d\/
\n# ls
\nautoindex.conf myhostname.conf php.conf README ssl.conf userdir.conf welcome.conf
\n# vi myhostname.conf
\n
\n ServerName server.domain.tld
\n ServerAlias someothername
\n DocumentRoot \/var\/www\/html
\n<\/VirtualHost><\/p>\n

NameVirtualHost *:443<\/p>\n


\n ServerName myhostname.greattechhelp.com
\n ServerAlias myhostname
\n DocumentRoot \/var\/www\/html\/myhostname
\n\tRewriteEngine On
\n\tRewriteCond %{HTTPS} !on
\n\tRewriteRule (.*) https:\/\/%{HTTP_HOST}%{REQUEST_URI}
\n<\/VirtualHost><\/p>\n


\n\tSSLEngine on
\n\tSSLCertificateFile \/etc\/pki\/tls\/certs\/ca.crt
\n\tSSLCertificateKeyFile \/etc\/pki\/tls\/private\/ca.key
\n
\n\t\tAllowOverride All
\n\t<\/Directory>
\n DocumentRoot \/var\/www\/html\/myhostname
\n ServerName myhostname.greattechhelp.com
\n ServerAlias myhostname
\n<\/VirtualHost><\/p><\/blockquote>\n

Restart apache:<\/p>\n

# systemctl restart httpd<\/p><\/blockquote>\n

To renew the cert:<\/p>\n

# cp -p \/etc\/pki\/tls\/certs\/ca.crt \/etc\/pki\/tls\/certs\/ca.crt.bak
\n# cp -p \/etc\/pki\/tls\/private\/ca.key \/etc\/pki\/tls\/private\/ca.key.bak
\n# openssl req -new -days 365 -x509 -nodes -newkey rsa:2048 -out \/etc\/pki\/tls\/certs\/ca.crt -keyout \/etc\/pki\/tls\/private\/ca.key
\n# systemctl restart httpd<\/p><\/blockquote>\n","protected":false},"excerpt":{"rendered":"

Generate a key and CSR: # openssl req -new -key ca.key -out ca.csr You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can [&hellip<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[120,456,331,462,461],"class_list":["post-1623","post","type-post","status-publish","format-standard","hentry","category-documentation","tag-apache","tag-certificate","tag-redirect","tag-renew","tag-self-signed"],"share_on_mastodon":{"url":"","error":""},"_links":{"self":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1623","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1623"}],"version-history":[{"count":1,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1623\/revisions"}],"predecessor-version":[{"id":1624,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=\/wp\/v2\/posts\/1623\/revisions\/1624"}],"wp:attachment":[{"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1623"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1623"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jim-zimmerman.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1623"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}