Create a local SSL certificate, configure it on a Linux server, and transfer files using the Linux httpd service

SSL certificate (I think secure shell): it is used to make a website secure. SSL is a way to secure the internet communication from your browser to a secure website. A website that uses SSL has an https:// address.

An SSL certificate is necessary for e-commerce and bank transaction websites.

Here we are going to see how to set up a local SSL certificate for my test website on a Linux server, in layman's words.

.csr - certificate signing request

[root@centos ~]# pwd

/root

[root@centos ~]# hostname

centos.akilan.com

[root@centos ~]#

install webserver
#yum install httpd



[root@centos ~]# systemctl status firewalld.service
● firewalld.service - firewalld - dynamic firewall daemon
   Loaded: loaded (/usr/lib/systemd/system/firewalld.service; disabled; vendor preset: enabled)
   Active: inactive (dead)
     Docs: man:firewalld(1)

[root@centos ~]# netstat -antlup | grep 80

[root@centos ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
   Active: inactive (dead)
     Docs: man:httpd.service(8)
[root@centos ~]# systemctl start httpd.service
[root@centos ~]# netstat -antlup | grep 80
tcp6       0      0 :::80                   :::*                    LISTEN      32772/httpd

//now we have the test website

Now we can see the local website at the local domain address http://centos.akilan.com/

Next we are going to make it secure using an SSL certificate.

//generate an openssl key for this domain address

[root@centos ~]# openssl genrsa -des3 -out centos.akilan.com.key 2048
Generating RSA private key, 2048 bit long modulus (2 primes)
.....................+++++
.......................+++++
e is 65537 (0x010001)
Enter pass phrase for centos.akilan.com.key:
Verifying - Enter pass phrase for centos.akilan.com.key:

[root@centos ~]# ls
                      
centos.akilan.com.key   

//generate a csr file to request the SSL certificate

[root@centos ~]# openssl req -new -key centos.akilan.com.key -out centos.akilan.com.csr
Enter pass phrase for centos.akilan.com.key:
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TamilNadu
Locality Name (eg, city) [Default City]:Salem
Organization Name (eg, company) [Default Company Ltd]:Akilan
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:akilan.com
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:P@ssw0rd
An optional company name []:akilan.com


//this is the important step: once this is done, after a few minutes you will receive a .crt file at the mail address given. That is the important file; we just need to specify it in our httpd config file to enable SSL.
Or else you can submit this .csr file to a third-party SSL certificate provider and they will provide the .crt file accordingly.

[root@centos ~]# ls
                         
 centos.akilan.com.csr                   
 centos.akilan.com.key       
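
For a purely local test site the CSR can also be signed with its own key instead of being sent to a provider. The script below is an added example, not part of the original post: it creates a key and CSR for centos.akilan.com, self-signs the CSR, and then checks that the certificate matches the key and covers the hostname. It assumes a scratch directory and an unencrypted key (-nodes); the -des3 key made above would make httpd ask for the pass phrase every time it starts.

```bash
#!/usr/bin/env bash
# Added example: self-sign a CSR for a local test host and verify the result.
set -eu

HOST="centos.akilan.com"            # hostname used on this page
WORK="$(mktemp -d)"                 # constructed scratch directory (assumption)

# Key + CSR in one step. -nodes leaves the key unencrypted, so the
# file permissions (umask 077 -> 0600) are its only protection.
make_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$WORK/$HOST.key" -out "$WORK/$HOST.csr" \
          -subj "/C=IN/ST=TamilNadu/L=Salem/O=Akilan/OU=IT/CN=$HOST" 2>/dev/null )
}

# Sign the CSR with its own key (self-signed) and add a subjectAltName,
# which browsers check instead of the Common Name.
self_sign() {
    printf 'subjectAltName=DNS:%s\n' "$HOST" > "$WORK/san.ext"
    openssl x509 -req -in "$WORK/$HOST.csr" -signkey "$WORK/$HOST.key" \
        -days 365 -sha256 -extfile "$WORK/san.ext" \
        -out "$WORK/$HOST.crt" 2>/dev/null
}

# Succeeds only if the certificate carries the public half of the key.
key_matches_cert() {
    [ "$(openssl pkey -in "$1" -pubout)" = "$(openssl x509 -in "$2" -noout -pubkey)" ]
}

# Succeeds only if the certificate is valid for the given hostname.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" | grep -q "does match"
}

make_csr
self_sign
key_matches_cert "$WORK/$HOST.key" "$WORK/$HOST.crt" && echo "key and certificate match"
cert_covers_host "$WORK/$HOST.crt" "$HOST" && echo "certificate covers $HOST"
cert_covers_host "$WORK/$HOST.crt" "akilan.com" || echo "certificate does NOT cover akilan.com"
```

A browser will still warn about a self-signed certificate until it is trusted locally. On CentOS the usual locations for the two files are /etc/pki/tls/certs/ and /etc/pki/tls/private/, with the key readable only by root.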

-------------------------------------------------------------
//instead of an RSA private key (.key) we can also generate an EC parameter file (.pem) and create the key and CSR from it, using the steps below
[root@localhost boobalan]# openssl genpkey -genparam -algorithm ec -pkeyopt ec_paramgen_curve:P-256 -out akilan.com.pem

[root@localhost boobalan]# openssl req -newkey ec:akilan.com.pem -keyout akilan.com.key -out akilan.com.csr
Generating an EC private key
writing new private key to 'akilan.com.key'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:in
State or Province Name (full name) []:tamilnadu
Locality Name (eg, city) [Default City]:salem
Organization Name (eg, company) [Default Company Ltd]:akil
Organizational Unit Name (eg, section) []:it
Common Name (eg, your name or your server's hostname) []:www.akilan.com
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

//in total we get 3 files: .pem, .key (private key), .csr
#ls
akilan.com.key
akilan.com.pem
akilan.com.csr
----------------------------------------------------------------------------

//next edit the apache server configuration file and locate the virtual host entry for the website that will use the certificate.

[root@centos ~]# vi /etc/httpd/conf/httpd.conf

[root@centos ~]# cat /etc/httpd/conf/httpd.conf | grep VirtualHost
# ports, instead of the default. See also the <VirtualHost>
# <VirtualHost> definition.  These values also provide defaults for
# any <VirtualHost> containers you may define later in the file.
# All of these directives may appear inside <VirtualHost> containers,
# If you do not specify an ErrorLog directive within a <VirtualHost>
# logged here.  If you *do* define an error logfile for a <VirtualHost>
    # If you do not define any access logfiles within a <VirtualHost>
    # define per-<VirtualHost> access logfiles, transactions will be

//no VirtualHost tag has been set yet, so we need to add one for the virtual host itself as well as for the SSL certificate

//added the tags below in /etc/httpd/conf/httpd.conf

<VirtualHost *:80>
    ServerAdmin akilan
    DocumentRoot /var/www/html
    ServerName centos.boobi.com
</VirtualHost>

<VirtualHost *:443>
    ServerAdmin akilan
    DocumentRoot /var/www/html
    ServerName centos.akilan.com
    SSLEngine ON
    SSLCertificateFile /root/centos.akilan.com.crt
    SSLCertificateKeyFile /root/centos.akilan.com.key
</VirtualHost>

//since the config listens only on the default port 80, I added port 443 as well, like below

Listen 80

[root@centos ~]# cat /etc/httpd/conf/httpd.conf | grep Listen
# Listen: Allows you to bind Apache to specific IP addresses and/or
# Change this to Listen on specific IP addresses as shown below to
#Listen 12.34.56.78:80
Listen 80
Listen 443

[root@centos ~]# systemctl restart httpd.service

[root@centos ~]# netstat -antlup | grep httpd
tcp6       0      0 :::80                   :::*                    LISTEN      34098/httpd
tcp6       0      0 :::443                  :::*                    LISTEN      34098/httpd


//now check the website; it will be secured

//now we are going to see file transfers using the httpd service

[root@centos ~]# mkdir /var/www/html/test
[root@centos ~]# touch /var/www/html/test/testfile

