1. installation
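# Load the site settings; presumably this file defines rdsserver, which the
# URLs below rely on — confirm.
source /etc/cid.conf
# Download the installer to a temporary file and run it only if the download
# succeeded. With "curl -s ... | sh" an HTTP error page or a truncated transfer
# is fed straight to the shell; -f makes curl fail on HTTP errors instead.
# NOTE(review): the script is fetched over plain HTTP, so nothing authenticates
# it or protects it from modification in transit before it is executed
# (presumably as root). Serve it over HTTPS or compare it with a known-good
# checksum before running it.
inst_httpd=$(mktemp) &&
  curl -fsS "http://${rdsserver}/sharel/bin/inst-httpd" -o "${inst_httpd}" &&
  sh "${inst_httpd}"
rm -f -- "${inst_httpd}"
yum -y install mod_ssl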
2. certificates
# Directory that will hold the TLS certificate and private key; mode 700
# restricts it to the owning user.
mkdir -p /etc/httpd/keys
chmod 700 /etc/httpd/keys/
- clone: copy the existing certificate and key from the rds server
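# Copy the shared certificate and key from the rds server into /etc/httpd/keys/.
# -N re-downloads a file only when the remote copy is newer than the local one.
# NOTE(review): server.key is the TLS private key and it is fetched over plain
# HTTP from a web path. It crosses the network unencrypted and is available to
# anything that can reach that URL, and every host cloned this way shares the
# same key. Prefer an authenticated, encrypted transfer, or generate a key per
# host as in the "create" variant.
for key_file in server.crt server.key; do
  wget -N -nv "http://${rdsserver}/sharel/etc/httpd/keys/${key_file}" -P /etc/httpd/keys/
done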
- create: generate a new self-signed certificate and key
# Generate a new 4096-bit RSA key and a self-signed certificate (-x509) that is
# valid for 3650 days. -nodes leaves the private key unencrypted on disk, so the
# directory and file modes set in this procedure are its only protection.
# NOTE(review): the subject carries only CN=cid and no subjectAltName. Current
# TLS clients match host names against subjectAltName, and step 4 redirects to
# srv122.d01.net, so expect a name-mismatch warning unless the certificate also
# covers the name clients actually use — confirm.
openssl req -new -newkey rsa:4096 -x509 -sha256 -days 3650 -nodes \
-out /etc/httpd/keys/server.crt \
-keyout /etc/httpd/keys/server.key \
-subj "/C=BE/ST=Brabant/L=Kampenhout/O=warpIT/OU=warpIT/emailAddress=alain.rykaert@warpit.be/CN=cid"
# Make the certificate and the key read-only for their owner.
chmod 400 /etc/httpd/keys/*
# cube is a local helper that is not shown here; presumably it replaces the
# first quoted string with the second one in ssl.conf, pointing mod_ssl at the
# new certificate and key — verify.
cube /etc/httpd/conf.d/ssl.conf "/etc/pki/tls/certs/localhost.crt" with "/etc/httpd/keys/server.crt"
cube /etc/httpd/conf.d/ssl.conf "/etc/pki/tls/private/localhost.key" with "/etc/httpd/keys/server.key"
# Reload httpd so it picks up the edited ssl.conf; running `apachectl configtest`
# first would catch a broken configuration before the reload.
systemctl reload httpd.service
3. verify
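# Show the certificate's subject, validity period and extensions.
openssl x509 -noout -text -in /etc/httpd/keys/server.crt
# Check the private key for consistency without printing it; "-text" would dump
# the private exponent and primes to the terminal and its scrollback.
openssl rsa -noout -check -in /etc/httpd/keys/server.key
# The certificate and the key belong together when both digests are identical.
openssl x509 -noout -modulus -in /etc/httpd/keys/server.crt | openssl dgst -sha256
openssl rsa -noout -modulus -in /etc/httpd/keys/server.key | openssl dgst -sha256
# Handshake against the running server; stdin from /dev/null ends the session
# once the certificate and the negotiated parameters have been printed.
openssl s_client -connect localhost:443 </dev/null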
4. redirect all requests from port 80 to port 443
# Create a separate configuration file for the port-80 virtual host; the lines
# from "#" to "</VirtualHost>" are its content.
vi /etc/httpd/conf.d/cid-ssl.conf
#
# Plain-HTTP virtual host whose only job is to send clients to the HTTPS site.
# Redirect without a status argument answers with a temporary redirect (302);
# "Redirect permanent" turns it into a 301.
# NOTE(review): the first request still travels over HTTP before the redirect.
# A Strict-Transport-Security header on the port-443 virtual host (not shown
# here) would make returning browsers go straight to HTTPS.
<VirtualHost *:80>
Redirect "/" "https://srv122.d01.net/"
ServerName srv122.d01.net
</VirtualHost>
# Back in the shell: reload httpd so the new virtual host takes effect.
systemctl reload httpd.service