Set up a self-signed SSL certificate on an Apache server
Create a server key. The CSR step needs this key file to exist; running the CSR command before generating the key produces the "unable to load Private Key" error shown below:
openssl genrsa -out yourwebsitename.key 2048
[root@techs-server]# openssl req -new -key yourwebsitename.key -out yourwebsitename.csr
Error opening Private Key yourwebsitename.key
140281570527136:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('yourwebsitename.key','r')
140281570527136:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
unable to load Private Key
[root@techs-server]# openssl genrsa -out yourwebsitename.key 2048
Generating RSA private key, 2048 bit long modulus
.....................................................................................................................+++
....+++
e is 65537 (0x10001)
Now create a Certificate Signing Request (CSR):
[root@techs-server]# openssl req -new -key yourwebsitename.key -out yourwebsitename.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:HP
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:Tech Steppers
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:yourdomainname
Email Address []:
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
The next step is to create the self-signed SSL certificate from the CSR:
[root@techs-server]# openssl x509 -req -days 1000 -in yourwebsitename.csr -signkey yourwebsitename.key -out yourwebsitename.crt
Signature ok
subject=/C=IN/ST=HP/L=Default City/O=Tech Steppers/CN=yourdomainname
Getting Private key
[root@techs-server]# ll
total 12
-rw-r--r-- 1 root root 1204 Jul 29 20:21 yourwebsitename.crt
-rw-r--r-- 1 root root 1005 Jul 29 20:20 yourwebsitename.csr
-rw-r--r-- 1 root root 1675 Jul 29 20:19 yourwebsitename.key
For security purposes, restrict the permissions on the key, CSR and certificate so only root can read them:
[root@techs-server]# chmod 600 *
[root@techs-server]# ll
total 12
-rw------- 1 root root 1204 Jul 29 20:21 yourwebsitename.crt
-rw------- 1 root root 1005 Jul 29 20:20 yourwebsitename.csr
-rw------- 1 root root 1675 Jul 29 20:19 yourwebsitename.key
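The same three steps (key, CSR, self-signed certificate) plus the permission lock-down, as an added non-interactive script that is not part of the original post. It assumes openssl is installed; the DN values are the constructed ones used in the post, and the directory and domain name are parameters you supply. It goes one step beyond the post by adding a subjectAltName, which current browsers require in addition to the CN, and ends with a check that the certificate and key actually belong together.

```shell
#!/bin/sh
# Added example (not from the original post): generate a private key, CSR and
# self-signed certificate non-interactively, then lock down permissions.
# Assumptions: openssl is installed; DIR and NAME are placeholders you replace.

# make_selfsigned_cert DIR NAME [DAYS]
# Creates DIR/NAME.key, DIR/NAME.csr and DIR/NAME.crt.
# -subj supplies the DN fields the interactive prompt asks for (constructed
# values matching the post). The SAN extension is written to a small extfile
# and applied when the certificate is signed; this goes beyond the post.
make_selfsigned_cert() {
    dir=$1; name=$2; days=${3:-1000}
    mkdir -p "$dir" || return 1
    # umask 077 inside a subshell: the key is never world-readable, even briefly
    (umask 077 && openssl genrsa -out "$dir/$name.key" 2048 2>/dev/null) || return 1
    openssl req -new -key "$dir/$name.key" -out "$dir/$name.csr" \
        -subj "/C=IN/ST=HP/L=Default City/O=Tech Steppers/CN=$name" 2>/dev/null || return 1
    printf 'subjectAltName=DNS:%s\n' "$name" > "$dir/$name.ext"
    openssl x509 -req -days "$days" -in "$dir/$name.csr" \
        -signkey "$dir/$name.key" -extfile "$dir/$name.ext" \
        -out "$dir/$name.crt" 2>/dev/null || return 1
    # Same lock-down as the post's "chmod 600 *", limited to the files we made
    chmod 600 "$dir/$name.key" "$dir/$name.csr" "$dir/$name.crt" "$dir/$name.ext"
}

# verify_pair DIR NAME
# Returns 0 only if the certificate's public key matches the private key and
# the key file is readable by its owner alone (mode rw-------).
verify_pair() {
    dir=$1; name=$2
    cert_pub=$(openssl x509 -in "$dir/$name.crt" -noout -pubkey | openssl sha256) || return 1
    key_pub=$(openssl pkey -in "$dir/$name.key" -pubout 2>/dev/null | openssl sha256) || return 1
    [ "$cert_pub" = "$key_pub" ] || { echo "certificate and key do not match" >&2; return 1; }
    # cut the permission bits out of ls -l; portable across GNU and BSD ls
    perm=$(ls -l "$dir/$name.key" | cut -c2-10)
    [ "$perm" = "rw-------" ] || { echo "key permissions are $perm, expected rw-------" >&2; return 1; }
}

# Usage (uncomment to run stand-alone):
# make_selfsigned_cert /etc/pki/tls/yourdomain yourdomainname 1000 && verify_pair /etc/pki/tls/yourdomain yourdomainname
```

Running verify_pair after every certificate change is the check that catches the common mistake of pointing SSLCertificateFile and SSLCertificateKeyFile at files from different generations.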
Restart your web server.
On RHEL/CentOS 7 the command is:
[root@techs-server]# systemctl restart httpd.service
On RHEL/CentOS 6 the command is:
[root@techs-server]# service httpd restart
While restarting, we noticed an error:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
To troubleshoot the failed restart, check the unit status with the following command:
[root@techs-server]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Sat 2017-07-29 20:24:02 UTC; 11s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 15941 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
Process: 6108 ExecReload=/usr/sbin/httpd $OPTIONS -k graceful (code=exited, status=0/SUCCESS)
Process: 15940 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 15940 (code=exited, status=1/FAILURE)
Jul 29 20:24:01 techs-server systemd[1]: Starting The Apache HTTP Server...
Jul 29 20:24:02 techs-server httpd[15940]: AH00526: Syntax error on line 34 of /etc/httpd/conf.d/ssl.conf:
Jul 29 20:24:02 techs-server httpd[15940]: Invalid command '%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b', perhaps misspelled or defined by a module n...figuration
Jul 29 20:24:02 techs-server systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
Jul 29 20:24:02 techs-server kill[15941]: kill: cannot find process ""
Jul 29 20:24:02 techs-server systemd[1]: httpd.service: control process exited, code=exited status=1
Jul 29 20:24:02 techs-server systemd[1]: Failed to start The Apache HTTP Server.
Jul 29 20:24:02 techs-server systemd[1]: Unit httpd.service entered failed state.
Jul 29 20:24:02 techs-server systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
From the error "Invalid command '%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x "%r" %b', perhaps misspelled or defined by a module n…figuration" we can see that line 34 of /etc/httpd/conf.d/ssl.conf is malformed: Apache is reading a log format string as if it were a directive name, which means the CustomLog directive that should precede it was lost or the line was broken. We correct that line and start the server again:
[root@techs-server]# vi /etc/httpd/conf.d/ssl.conf
[root@techs-server]# systemctl restart httpd.service
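A safer restart routine, added here as an example that is not part of the original post: test the configuration first so a syntax error like the one above never takes the running server down, and extract the file and line number from the AH00526 message so the fix lands in the right place. It assumes the RHEL/CentOS 7 layout used in the post (apachectl, systemctl); the sample log text is constructed from the post's own output.

```shell
#!/bin/sh
# Added example (not from the original post): check the Apache configuration
# before restarting, and locate AH00526 syntax errors from the log text.
# Assumes apachectl and systemctl as on RHEL/CentOS 7.

# syntax_error_location
# Reads "systemctl status", journalctl or "apachectl configtest" output on
# stdin and prints FILE:LINE for every AH00526 syntax error it finds.
syntax_error_location() {
    sed -n 's/.*AH00526: Syntax error on line \([0-9][0-9]*\) of \([^:]*\):.*/\2:\1/p'
}

# restart_httpd_checked
# Runs the configuration test and restarts only when it passes. Returns 2 if
# apachectl is not installed, 1 if the configuration does not parse (with the
# offending FILE:LINE printed), 0 after a successful restart.
restart_httpd_checked() {
    command -v apachectl >/dev/null 2>&1 || return 2
    if out=$(apachectl configtest 2>&1); then
        systemctl restart httpd.service
    else
        echo "config test failed; leaving the running httpd untouched" >&2
        printf '%s\n' "$out" | syntax_error_location >&2
        return 1
    fi
}

# Constructed sample, taken from the status output shown in the post
SAMPLE_STATUS="Jul 29 20:24:02 techs-server httpd[15940]: AH00526: Syntax error on line 34 of /etc/httpd/conf.d/ssl.conf:
Jul 29 20:24:02 techs-server httpd[15940]: Invalid command '%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b', perhaps misspelled or defined by a module not included in the server configuration"

# Usage (uncomment to run stand-alone):
# printf '%s\n' "$SAMPLE_STATUS" | syntax_error_location   # prints /etc/httpd/conf.d/ssl.conf:34
# restart_httpd_checked
```

Because apachectl configtest parses every included file, it reports the same AH00526 line the failed unit logged, so the location is known before any restart is attempted.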
Command to check that the httpd processes are running:
[root@techs-server web]# ps -ef|grep httpd
root 15975 1 0 20:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15976 15975 0 20:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15977 15975 0 20:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15978 15975 0 20:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15979 15975 0 20:25 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15981 15975 0 20:26 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15982 15975 0 20:26 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15983 15975 0 20:26 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15984 15975 0 20:26 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15985 15975 0 20:26 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
apache 15986 15975 0 20:26 ? 00:00:00 /usr/sbin/httpd -DFOREGROUND
root 16011 15683 0 20:27 pts/0 00:00:00 grep --color=auto httpd
Add a non-privileged user as the owner of the webroot of your server, with the apache group for read access:
[root@techs-server web]# useradd -c "dev.techs" -d /serverfs/web/yourdomainname restricteduser
useradd: warning: the home directory already exists.
Not copying any file from skel directory into it.
[root@techs-server web]# chown -R devtechs18:apache /serverfs/web/yourdomainname
Validate the permissions and ownership
[root@techs-server web]# ll
drwxr-xr-x 2 devtechs18 apache 23 Jul 29 20:27 yourdomainname
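The ownership validation above can be scripted so it runs before every deployment. The following is an added example, not the post's own code: the owner, group and directory are parameters, and it also refuses a webroot that contains world-writable entries or a private key file, since anything under the document root may be served by httpd.

```shell
#!/bin/sh
# Added example (not from the original post): validate the webroot ownership
# and permissions that the useradd/chown step is meant to produce.

# check_webroot OWNER GROUP DIR
# Returns 0 only when DIR is owned by OWNER:GROUP (names or numeric ids),
# nothing under it is world-writable, and no *.key file has been dropped
# inside the document root.
check_webroot() {
    owner=$1; group=$2; dir=$3
    [ -d "$dir" ] || { echo "$dir: not a directory" >&2; return 1; }
    # -prune stops find at DIR itself, so only DIR's own owner/group is tested
    if [ -z "$(find "$dir" -prune -user "$owner" -group "$group" -print)" ]; then
        echo "$dir: expected owner $owner:$group" >&2; return 1
    fi
    # -perm -002: any entry with the world-write bit set
    if [ -n "$(find "$dir" -perm -002 -print)" ]; then
        echo "$dir: world-writable entries found" >&2; return 1
    fi
    if [ -n "$(find "$dir" -name '*.key' -print)" ]; then
        echo "$dir: private key material inside the webroot" >&2; return 1
    fi
    return 0
}

# Usage (uncomment to run stand-alone), matching the ownership set in the post:
# check_webroot devtechs18 apache /serverfs/web/yourdomainname && echo "webroot ok"
```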