Renew SSL Certificates in Apache on a CentOS 7 Web Server

In this tutorial we renew the SSL certificate on an Apache web server. The certificate authority is GoDaddy. Once you are finished, all traffic between server and client will be encrypted in transit.
Step 1
Create the SSL certificate directory
mkdir -p /etc/httpd/ssl/2018/
(The -p option creates any missing parent directories and does not fail if the directory already exists.)
Step 2
Under the /etc/httpd/ssl/2018/ directory, create the key file
openssl genrsa -out kosecurity.in.key 2048
Step 3
Generate the CSR file from the key file
openssl req -new -key kosecurity.in.key -out kosecurity.in.csr
Step 4
Generate a self-signed certificate
openssl x509 -req -days 365 -in kosecurity.in.csr -signkey kosecurity.in.key -out kosecurity.in.crt
Step 5
Log in to your GoDaddy account, go to the SSL Certificates section and open Manage Key. Click Rekey and Manage.
Under the Re-Key certificate section, paste the contents of the CSR file. Click "Change the site that your certificate protects" and update your site name, for example www.kosecurity.in > click the Save button > Submit All Saved Changes.
After some hours GoDaddy verifies your domain. Then go to the certificate section > Download > select server type > Apache > download the zip file > extract it and upload the files to the server directory /etc/httpd/ssl/2018/
Sample SSL configuration file:
cat /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog exec:/usr/libexec/httpd-ssl-pass-dialog
SSLSessionCacheTimeout 300
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
DocumentRoot "/var/www/kosecurity.in"
ServerName www.kosecurity.in:443
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
# "all -SSLv2" still leaves SSLv3 enabled where the OpenSSL build supports it;
# appending -SSLv3 disables it as well.
SSLProtocol all -SSLv2
SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5:!SEED:!IDEA
# Certificate issued by GoDaddy, the private key from step 2, and the GoDaddy chain bundle
SSLCertificateFile /etc/httpd/ssl/2018/f898c11d5bdsf13c.crt
SSLCertificateKeyFile /etc/httpd/ssl/2018/kosecurity.in.key
SSLCertificateChainFile /etc/httpd/ssl/2018/gd_bundle-s2-g1.crt
SSLOptions +StdEnvVars
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-5]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
</VirtualHost>
Update the ssl.conf file, then restart (or reload) the httpd service.
service httpd restart
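If the certificate downloaded from GoDaddy was issued for a different CSR than the one made from the key on the server, httpd will refuse to start with a key mismatch. The script below is an added example, not part of the original tutorial: it checks that a CSR or certificate carries the same public key as the private key and that the certificate is not about to expire. The function names and the 30-day default are assumptions.

```sh
#!/bin/sh
# Added example, not from the original tutorial: checks to run on a renewed
# certificate before restarting httpd. Usage: sh check-renewal.sh KEY CERT [MIN_DAYS]

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_digest() {  # pubkey_digest key|csr|cert FILE
    case "$1" in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pub" ] || return 1   # unreadable or non-PEM input must never "match"
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if FILE (a csr or cert) carries the public key of private key KEY.
same_key() {  # same_key KEY csr|cert FILE
    a=$(pubkey_digest key "$1") || return 1
    b=$(pubkey_digest "$2" "$3") || return 1
    [ "$a" = "$b" ]
}

# Succeed only if the certificate is still valid DAYS days from now.
valid_for_days() {  # valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

check_renewal() {  # check_renewal KEY CERT [MIN_DAYS]
    same_key "$1" cert "$2" \
        || { echo "FAIL: $2 was not issued for $1" >&2; return 1; }
    valid_for_days "$2" "${3:-30}" \
        || { echo "FAIL: $2 expires within ${3:-30} days" >&2; return 1; }
    echo "OK: certificate matches key and is valid for at least ${3:-30} more days"
}

# Run the checks only when a key and a certificate are given on the command line.
if [ "$#" -ge 2 ]; then
    check_renewal "$@"
fi
```

Run it against the key and the issued .crt in /etc/httpd/ssl/2018/, and restart httpd only when it prints OK.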
