Enabling SSL under Red Hat Enterprise Linux

Create the key and certificate, replacing the O, OU and CN (the site's host name) with your own data. The certificate is self-signed:

# openssl req -new -x509 -sha1 -newkey rsa:1024 \
> -nodes -keyout test.key -out test.crt \
> -subj '/O=NP/OU=Support/CN=www.example.com'
Generating a 1024 bit RSA private key
........................................++++++
............................++++++
writing new private key to 'test.key'
-----

Put the key and certificate in their respective folders (/etc/pki/tls/private and /etc/pki/tls/certs):

# ls -lrt
total 912
-rw-r--r-- 1 root root 441017 Dec 16 16:09 ca-bundle.crt
-rw-r--r-- 1 root root   2240 Dec 16 16:10 Makefile
-rwxr-xr-x 1 root root    610 Dec 16 16:10 make-dummy-cert
-rw-r--r-- 1 root root 441017 Dec 16 16:10 ca-bundle.crt.rpmnew
-rw------- 1 root root   1468 Apr 24 18:13 localhost.crt
-rw-r--r-- 1 root root    952 May 27 10:17 test.crt

Updated the /etc/httpd/conf.d/ssl.conf file:

#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateFile /etc/pki/tls/certs/test.crt

#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
SSLCertificateKeyFile /etc/pki/tls/private/test.key

Also added Directory directives for password authentication within the virtual host section (<VirtualHost _default_:443>):

<Directory />
Options FollowSymLinks
AllowOverride None
AuthType basic
AuthName "Private"
AuthUserFile /var/www/folder/passwords
Require valid-user
Order allow,deny
</Directory>

The files couldn’t be seen by Apache because I’d created them under root (SELinux enabled), so I had to run these commands:

# restorecon /etc/pki/tls/private/test.key
# restorecon /etc/pki/tls/certs/test.crt

To redirect all requests over SSL I put this in the .htaccess file in the document root (/var/www/html):

RewriteEngine On
# Match port 80 exactly; an unanchored 80 would also match ports such as 8080
RewriteCond %{SERVER_PORT} ^80$
RewriteRule ^(.*)$ https://%{HTTP_HOST}/$1 [R=301,L]

At first the above didn’t work because I had AllowOverride None set in the /etc/httpd/conf/httpd.conf file:

#    AllowOverride None
AllowOverride All

Restart Apache:

# service httpd restart

Once changed to All the rewrite works!!
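
An alternative to the .htaccess redirect, added here as an example and not part of the original post: placing the redirect in a port-80 virtual host lets httpd.conf keep AllowOverride None. The file name and the use of mod_alias are assumptions; www.example.com is the CN used for the certificate above.

```apache
# /etc/httpd/conf.d/redirect-ssl.conf  (hypothetical file name)
#
# Before, as on this page: the redirect rule lives in
# /var/www/html/.htaccess, which only takes effect once httpd.conf
# is switched to "AllowOverride All".
#
# After: the redirect is part of the server configuration, so
# httpd.conf can keep "AllowOverride None" and .htaccess files
# under the document root stay ignored.

<VirtualHost *:80>
    # Assumed to match the CN in test.crt
    ServerName www.example.com

    # mod_alias: every path under / is sent to the same path on the
    # HTTPS site. The target host is fixed in the configuration
    # rather than taken from the request's Host header.
    Redirect permanent / https://www.example.com/
</VirtualHost>
```

Running `service httpd configtest` before the restart catches syntax errors in the new file.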
