{"id":7679,"date":"2018-07-27T14:25:54","date_gmt":"2018-07-27T06:25:54","guid":{"rendered":"http:\/\/rmohan.com\/?p=7679"},"modified":"2018-07-27T14:25:54","modified_gmt":"2018-07-27T06:25:54","slug":"adding-ssl-to-apache-on-ec2-with-amazon-linux","status":"publish","type":"post","link":"https:\/\/mohan.sg\/?p=7679","title":{"rendered":"Adding SSL to Apache on EC2 with Amazon Linux"},"content":{"rendered":"

Adding SSL to Apache on EC2 with Amazon Linux<\/h1>\n

 <\/p>\n

These notes assume you have Apache installed and working on EC2 with Amazon Linux, but it\u2019s fairly similar for other versions of Linux.<\/p>\n

Install OpenSSL and the Apache Connector<\/h3>\n
\n
\/\/ for Apache 2.2\r\nyum install openssl mod_ssl\r\n\/\/ for Apache 2.4\r\nyum install openssl mod24_ssl\r\n\/\/ restart Apache\r\nservice httpd restart\r\n\r\nyum install openssl mod24_ssl httpd24-tools httpd24<\/code><\/pre>\n<\/figure>\n
Test SSL<\/h3>\n
\n
https:\/\/yoursever.com\/<\/code><\/pre>\n<\/figure>\n
This will bring up the default key that was create when you installed OpenSSL.<\/p>\n
Generate Key<\/h3>\n
\n
cd  \/etc\/pki\/tls\/private\r\nopenssl genrsa -out domain-name.key 2048\r\nchown root.root domain-name.key\r\nchmod 600 domain-name.key<\/code><\/pre>\n<\/figure>\n
Generate Request<\/h3>\n
\n
mkdir ssl under \/ec2-user\/domain-name\/ssl\r\ncd \/ec2-user\/domain-name\/ssl\r\nsudo openssl req -new -key \/etc\/pki\/tls\/private\/domain-name.key -out domain-name.pem<\/code><\/pre>\n<\/figure>\n
Once the request has been generated and sent to your certificate authority they will send you back two .crt files. One is the domain cert and one is the bundle cert. You can rename them to domain-name.crt and domain-name-bundle.crt.<\/p>\n
\n
\/\/ put crt file on the server with correct permissions\r\ncp domain-name.crt \/etc\/pki\/tls\/certs\/domain-name.crt\r\nchown root.root \/etc\/pki\/tls\/certs\/domain-name.crt\r\nchmod 600 \/etc\/pki\/tls\/certs\/domain-name.crt\r\n  \r\ncp domain-name-bundle.crt \/etc\/pki\/tls\/certs\/domain-name-bundle.crt\r\nchown root.root \/etc\/pki\/tls\/certs\/domain-name-bundle.crt\r\nchmod 600 \/etc\/pki\/tls\/certs\/domain-name-bundle.crt\r\n  <\/code><\/pre>\n<\/figure>\n
It\u2019s important to change the permissions on the file for Apache and OpenSSL will not work.<\/p>\n
Configure Apache SSL<\/h3>\n
\n
\/\/ backup the conf file\r\ncp \/etc\/httpd\/conf.d\/ssl.conf \/etc\/httpd\/conf.d\/ssl.conf.bkp\r\n\/\/ edit the file\r\nnano \/etc\/httpd\/conf.d\/ssl.conf\r\n\r\n\r\n\/\/ search for the .key file line below and change the localhost.key\r\n\r\nSSLCertificateKeyFile \/etc\/pki\/tls\/private\/domain-name.key\r\n\r\n\/\/ search for the .crt file line below and change the localhost.crt\r\n\r\nSSLCertificateFile \/etc\/pki\/tls\/certs\/domain-name.crt\r\n\r\n\/\/ search for the bundle.crt file line below and point to the new bundle.crt\r\n\r\nSSLCACertificateFile \/etc\/pki\/tls\/certs\/domain-name-bundle.crt\r\n\r\n\/\/ restart Apache\r\nservice httpd restart<\/code><\/pre>\n<\/figure>\n
This allows one SSL Domain on the server. If you want to have more than one SSL domain on the server it\u2019s a bit more setup. I\u2019ll cover that in a different post.<\/p>\n","protected":false},"excerpt":{"rendered":"
Adding SSL to Apache on EC2 with Amazon Linux <\/p>\n
 <\/p>\n
These notes assume you have Apache installed and working on EC2 with Amazon Linux, but it\u2019s fairly similar for other versions of Linux.<\/p>\n
 Install OpenSSL and the Apache Connector \/\/ for Apache 2.2 yum install openssl mod_ssl \/\/ for Apache 2.4 yum install openssl mod24_ssl […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[49],"tags":[],"_links":{"self":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7679"}],"collection":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=7679"}],"version-history":[{"count":1,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7679\/revisions"}],"predecessor-version":[{"id":7680,"href":"https:\/\/mohan.sg\/index.php?rest_route=\/wp\/v2\/posts\/7679\/revisions\/7680"}],"wp:attachment":[{"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=7679"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=7679"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mohan.sg\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=7679"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}