CSC
CRYPTOGRAPHY AND CYBERSECURITY
Laboratory
6. Web Communications Security
Apache httpd : SSL/TLS Setting
Configure SSL/TLS settings to serve the site over encrypted HTTPS connections.

[1] Get an SSL certificate, refer to here.

[2] Enable SSL/TLS settings.
[root@www ~]# dnf -y install mod_ssl
[root@www ~]# vi /etc/httpd/conf.d/ssl.conf
# line 59 : uncomment
DocumentRoot "/var/www/html"
# line 60 : uncomment and specify hostname
ServerName www.srv.world:443
# line 101 : change to the one got in [1]
SSLCertificateFile /etc/letsencrypt/live/www.srv.world/cert.pem
# line 109 : change to the one got in [1]
SSLCertificateKeyFile /etc/letsencrypt/live/www.srv.world/privkey.pem
# line 118 : change to the one got in [1]
SSLCertificateChainFile /etc/letsencrypt/live/www.srv.world/chain.pem

[root@www ~]# systemctl restart httpd

[3] If you'd like to redirect HTTP connections to HTTPS (Always on SSL/TLS), set a RewriteRule in each host's settings. For example, if you have set up virtual hosting like the link here, add a RewriteRule as follows. It is also possible to set the RewriteRule in [.htaccess] instead of [httpd.conf].
[root@www ~]# vi /etc/httpd/conf.d/vhost.conf
<VirtualHost *:80>
    DocumentRoot /var/www/html
    ServerName www.srv.world
    RewriteEngine On
    RewriteCond %{HTTPS} off
    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]
</VirtualHost>

[root@www ~]# systemctl restart httpd

[4] If Firewalld is running, allow the HTTPS service. HTTPS uses 443/TCP.
[root@www ~]# firewall-cmd --add-service=https
success
[root@www ~]# firewall-cmd --runtime-to-permanent
success

[5] Verify that you can access the test page over HTTPS from any client computer with a Web browser.
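
For the verification in [5], the redirect configured in [3] can also be checked from a shell. The script below is an added example, not part of the original tutorial: it reads HTTP response headers and confirms a 301 to the expected HTTPS host. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example: verify the HTTP -> HTTPS redirect configured in step [3].
# Live use (needs network access to the server):
#   curl -sI http://www.srv.world/ | check_redirect www.srv.world

# check_redirect EXPECTED_HOST: reads raw HTTP response headers on stdin and
# returns 0 only for a 301 whose Location is https://EXPECTED_HOST/...
# The rule builds Location from %{HTTP_HOST}, so the host is compared too.
check_redirect() {
    expected_host=$1
    headers=$(tr -d '\r')    # HTTP header lines end in CRLF; drop the CR
    status=$(printf '%s\n' "$headers" | awk 'NR==1 {print $2}')
    location=$(printf '%s\n' "$headers" |
        awk 'tolower($1)=="location:" {print $2; exit}')

    if [ "$status" != "301" ]; then
        echo "FAIL: status ${status:-none}, expected 301"
        return 1
    fi
    case $location in
        "https://$expected_host"|"https://$expected_host/"*)
            echo "OK: 301 -> $location"; return 0 ;;
        https://*)
            echo "FAIL: redirects to another host: $location"; return 1 ;;
        *)
            echo "FAIL: Location is not HTTPS: ${location:-none}"; return 1 ;;
    esac
}

# Constructed sample responses (not captured from a real server).
sample_good() {
    printf 'HTTP/1.1 301 Moved Permanently\r\nServer: Apache\r\n'
    printf 'Location: https://www.srv.world/index.html\r\n\r\n'
}
sample_temporary() {    # R=301 missing from the rule: Apache answers 302
    printf 'HTTP/1.1 302 Found\r\n'
    printf 'Location: https://www.srv.world/index.html\r\n\r\n'
}
sample_other_host() {   # Location host differs from the expected name
    printf 'HTTP/1.1 301 Moved Permanently\r\n'
    printf 'Location: https://other.example/index.html\r\n\r\n'
}

# Demo run over the constructed samples.
for s in sample_good sample_temporary sample_other_host; do
    $s | check_redirect www.srv.world || true
done
```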
...