Skip to main content

How to enable HTTPS on your Web Server



The first thing needed for setting up HTTPS is a digital certificate. Digital certificates can be obtained in any of the following methods:

1) Self-signed certificates are recommended for testing purposes and personal projects. Self-signed certificates are also applicable for service providers where the client users are specific and the circle of trust is limited. Self-signed certificates do not cost money.

2) Certificates can be obtained from community-based certificate providers such as StartSSL and CACert. These certificates do not cost money either, but it is recommended for personal projects.

3) For commercial projects where websites are accessed globally, it is recommended to purchase a certificate from a well-known trusted certificate authority. These certificates cost money, but they do increase the credibility of the web service provider.


Steps to set up https on apache web server :

1) yum install mod_ssl openssl

2) generating self signed certificate

   a) First, generate a private key with 2048 bit encryption.
       openssl genrsa -out ca.key 2048

   b) Then generate certificate signing request (CSR).
       openssl req -new -key ca.key -out ca.csr

   c) Finally, generate a self-signed certificate of X509 type, which remains valid for 365 keys.
       openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

   d) After the certificate is created, the files are copied to necessary directories.
        cp ca.crt /etc/pki/tls/certs/
        cp ca.key /etc/pki/tls/private/
        cp ca.csr /etc/pki/tls/private/  

3) Configuring Apache Web Server
 
   a) First, edit the following configuration file.
       vim /etc/httpd/conf.d/ssl.conf
     
       ### overwrite the following parameters ###
       SSLCertificateFile /etc/pki/tls/certs/ca.crt
       SSLCertificateKeyFile /etc/pki/tls/private/ca.key

       ### The following parameter does not need to be modified in case of a self-signed certificate. ###
       ### If you are using a real certificate, you may receive a certificate bundle. The bundle is added using the following parameters ###
       SSLCertificateChainFile /etc/pki/tls/certs/example.com.ca-bundle

   b) Then the httpd service is restarted for the changes to take effect.
       service httpd restart


Pankaj

Comments

Post a Comment

Popular posts from this blog

Spring Cloud vs AWS/GCP/Azure Cloud - In the realm of Distributed Systems Development

The Scalability and High-Availability have become defacto standards for Distributed Systems development. The traditional applications are moving fast from the On-Prem model to the Cloud. With such requirements, it has become imperative to build an application with robust APIs or Cloud Services having fault-tolerant and graceful fallback functionality. Spring framework has emerged as a full-fledged, robust, feature-rich and mature ecosystem over time. It has been equipped with lots of features for rapid development. Spring Boot dominates the Cloud Native Software development. With the introduction of Spring Boot, the Microservices development has catapulted to a whole new level as it brings all sorts of dependencies in one place. Spring Cloud is an umbrella project under the Spring ecosystem. It consists of many sub-projects to build a robust distributed system. It was primarily developed by Netflix and open-sourced as part of Netflix OSS to create resilient, fault-tolerant and s...
Post a Comment
Read more

Program "make" not found in PATH in Eclipse

In order to fix the error "Program "make" not found in PATH in Eclipse", follow below steps: Right Click on the Project -> Properties -> C/C++ Build ->Environment Check PATH, if it has C:\cygwin64\bin in the path or not. Sometimes path set in Environment variables is not reflected in the Eclipse, so you have to edit it here. Build/Restart the eclipse again, you should be able to get rid of the error. If it still persists, do right click on the Project -> Properties -> C/C++ Build ->Tool Chain Editor Current toolchain: ->Cygwin GCC Current builder: -> GNU Make Builder It should work now !! Pankaj
Post a Comment
Read more

Create the Vsix package from a class library

A project that was created as a class library that contains numerous controls that can be used in windows forms applications. In order to create an installation package (*.vsix) that will embed these controls into the visual studio toolbox window. The controls are visible in the toolbox window when being in the solution that has this project within itself. I have created a vsix project and referenced the component project's dll as a Microsoft.VisualStudio.Assembly asset. The VS2017 build process creates the vsix file that I need. When I run it on a system with a fresh VS installation, it goes through the install process with no problems, but the components don't show up in the toolbox. When I try to register the asset as a Microsoft.VisualStudio.ToolboxControl, I get the error 'The target "PkgdefProjectOutputGroup" does not exist in the project.  To reslolve the below error which comes while adding reference of DLL application to VSIX project for Visual ...
Post a Comment
Read more