Difference between revisions of "Installing SSL certificate in Apache"

From Notes_Wiki
m
m
Line 1: Line 1:
<yambe:breadcrumb self="Installing SSL certificate in Apache">Apache web server configuration|Apache web server configuration</yambe:breadcrumb>
<yambe:breadcrumb self="Installing SSL certificate in Apache">Security tips|Security tips</yambe:breadcrumb>
=Install SSL certificate in apache=
=Install SSL certificate in apache=
For installation of certificate in apache use following steps:
For installation of certificate in apache use following steps:
Line 29: Line 29:
Steps learned from https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2.0-in-apache.html  
Steps learned from https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2.0-in-apache.html  


 
<yambe:breadcrumb self="Installing SSL certificate in Apache">Security tips|Security tips</yambe:breadcrumb>
<yambe:breadcrumb self="Installing SSL certificate in Apache">Apache web server configuration|Apache web server configuration</yambe:breadcrumb>

Revision as of 09:18, 25 January 2019

<yambe:breadcrumb self="Installing SSL certificate in Apache">Security tips|Security tips</yambe:breadcrumb>

Install SSL certificate in apache

For installation of certificate in apache use following steps:

  1. Copy all (certificate, key, CA bundle) to /etc/httpd/conf folder
  2. chmod 400 ssl.key
  3. Edit /etc/httpd/conf.d/ssl.conf and replace appropriate values. Following three values need to be updated:
    SSLCertificateFile /etc/httpd/conf/ssl.pem
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key
    SSLCACertificateFile /etc/httpd/conf/ca-bundle.pem
  4. Restart apache and verify that certificate is working as expected.


Securing Apache SSL configuration

Default SSL configuration of apache is vulnerable to many attacks. We can improve apache SSL configuration as follows:

  1. Edit /etc/httpd/conf/ssl.conf and replace/insert following two values
    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite "EECDH+ECDSA+AESGCM EECDH+aRSA+AESGCM EECDH+ECDSA+SHA384 EECDH+ECDSA+SHA256 EECDH+aRSA+SHA384 EECDH+aRSA+SHA256 EECDH+aRSA+RC4 EECDH EDH+aRSA !RC4 !aNULL !eNULL !LOW !3DES !MD5 !EXP !PSK !SRP !DSS"
    In case of Virtualhost 'SSLEngine On' line is also required.
  2. Check ranking of HTTPS security using https://www.ssllabs.com/ssltest/index.html


Steps learned from https://www.sslshopper.com/article-how-to-disable-weak-ciphers-and-ssl-2.0-in-apache.html

<yambe:breadcrumb self="Installing SSL certificate in Apache">Security tips|Security tips</yambe:breadcrumb>