1. installation

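# Load the site settings; ${rdsserver} used below is expected to come from here.
source /etc/cid.conf
# Stop early when the variable is missing instead of requesting "http:///...".
: "${rdsserver:?rdsserver is not set in /etc/cid.conf}"
# Download the installer to a file and run it only after a complete, successful
# transfer. With "curl -s ... | sh", an HTTP error page or a truncated download
# is handed to the shell as-is.
# NOTE(review): the URL is plain HTTP, so the script is not authenticated in
# transit. Serve it over HTTPS, or compare it with a checksum obtained out of
# band, before running it as root.
inst_httpd=$(mktemp) &&
  curl -fsS -o "$inst_httpd" "http://${rdsserver}/sharel/bin/inst-httpd" &&
  sh "$inst_httpd"
rm -f -- "$inst_httpd"
yum -y install mod_ssl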

2. certificates

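# Directory for the TLS certificate and private key, owner-only (mode 700).
# -m 700 makes a newly created directory private from the start; the chmod
# still tightens a directory that already existed with a looser mode.
mkdir -p -m 700 /etc/httpd/keys
chmod 700 /etc/httpd/keys/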
  • clone

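# Copy an existing certificate/key pair from the share into the key directory.
# NOTE(review): server.key is the TLS private key, and it is fetched here over
# plain HTTP from a shared web path. Anyone who can read that URL or observe the
# traffic obtains the key, and every host that clones the pair shares one key.
# Prefer an authenticated, encrypted copy (e.g. scp) or a per-host key as in the
# "create" variant.
: "${rdsserver:?rdsserver is not set (source /etc/cid.conf first)}"
wget -N -nv -P /etc/httpd/keys/ "http://${rdsserver}/sharel/etc/httpd/keys/server.crt"
wget -N -nv -P /etc/httpd/keys/ "http://${rdsserver}/sharel/etc/httpd/keys/server.key"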
  • create

# Generate a self-signed certificate together with a new 4096-bit RSA key.
#   -x509 -days 3650  self-signed certificate, valid for about ten years
#   -nodes            the private key is written without a passphrase, so the
#                     file permissions set below are its only protection
# NOTE(review): the subject's CN is "cid" and no subjectAltName is given on the
# command line; clients that check host names will not match this certificate
# to the server's DNS name. Confirm that this is intended.
openssl req -x509 -new \
  -newkey rsa:4096 -nodes \
  -sha256 -days 3650 \
  -subj "/C=BE/ST=Brabant/L=Kampenhout/O=warpIT/OU=warpIT/emailAddress=alain.rykaert@warpit.be/CN=cid" \
  -keyout /etc/httpd/keys/server.key \
  -out /etc/httpd/keys/server.crt
# Make every file in the key directory read-only for its owner.
chmod 400 /etc/httpd/keys/*
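# Point mod_ssl at the certificate and key in /etc/httpd/keys.
# NOTE(review): "cube" is a site-local helper that is not shown on this page;
# from its arguments it presumably replaces the first path with the second in
# ssl.conf (confirm against the tool itself).
cube /etc/httpd/conf.d/ssl.conf "/etc/pki/tls/certs/localhost.crt" with "/etc/httpd/keys/server.crt"
cube /etc/httpd/conf.d/ssl.conf "/etc/pki/tls/private/localhost.key" with "/etc/httpd/keys/server.key"
# Check the configuration syntax before reloading: a reload with a broken
# ssl.conf can leave httpd without a working configuration.
httpd -t && systemctl reload httpd.service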

3. verify

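# Show the certificate (subject, validity period, signature algorithm).
openssl x509 -noout -text -in /etc/httpd/keys/server.crt
# Check the private key's consistency without printing it: "-text" on the key
# would write the private exponent and primes to the terminal and scrollback.
openssl rsa -noout -check -in /etc/httpd/keys/server.key
# The two digests must be identical if the certificate belongs to the key.
openssl x509 -noout -modulus -in /etc/httpd/keys/server.crt | openssl sha256
openssl rsa  -noout -modulus -in /etc/httpd/keys/server.key | openssl sha256
# TLS handshake against the local server; the empty stdin makes s_client exit
# after the handshake. A self-signed certificate is reported as a verification
# error here, because nothing in the trust store vouches for it.
echo | openssl s_client -connect localhost:443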

4. redirect all requests from port 80 to port 443

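# Create the file with an editor; the <VirtualHost> section below is the file's
# content, not shell commands.
vi /etc/httpd/conf.d/cid-ssl.conf
#
# Plain-HTTP virtual host whose only job is to send clients to HTTPS.
# Redirect without a status argument issues a temporary (302) redirect.
# NOTE(review): the redirect target is srv122.d01.net, while the certificate
# generated in step 2 has CN=cid. Clients following the redirect will report a
# name mismatch unless the certificate in use covers this host name.
<VirtualHost *:80>
    Redirect "/" "https://srv122.d01.net/"
    ServerName srv122.d01.net
</VirtualHost>
# Back in the shell: check the configuration syntax, then reload. A reload with
# a broken file can leave httpd without a working configuration.
httpd -t && systemctl reload httpd.service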

5. references