How to install and configure OpenSSL for Apache on Rocky Linux 9.3


Introduction:

OpenSSL is a general-purpose cryptography library that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. The SSL protocol keeps an internet connection secure and safeguards sensitive data between two systems, preventing criminals from viewing or altering any information sent.

Installation Steps:

Step 1: Check the OS version by using the below command

[root@linuxhelp ~]# cat /etc/os-release
NAME="Rocky Linux"
VERSION="9.3 (Blue Onyx)"
ID="rocky"
ID_LIKE="rhel centos fedora"
VERSION_ID="9.3"
PLATFORM_ID="platform:el9"
PRETTY_NAME="Rocky Linux 9.3 (Blue Onyx)"
ANSI_COLOR="0;32"
LOGO="fedora-logo-icon"
CPE_NAME="cpe:/o:rocky:rocky:9::baseos"
HOME_URL="https://rockylinux.org/"
BUG_REPORT_URL="https://bugs.rockylinux.org/"
SUPPORT_END="2032-05-31"
ROCKY_SUPPORT_PRODUCT="Rocky-Linux-9"
ROCKY_SUPPORT_PRODUCT_VERSION="9.3"
REDHAT_SUPPORT_PRODUCT="Rocky Linux"
REDHAT_SUPPORT_PRODUCT_VERSION="9.3"

Step 2: Install the Apache Web Server by using the below command

[root@linuxhelp ~]# dnf install httpd -y
Last metadata expiration check: 0:28:20 ago on Wednesday 17 April 2024 04:01:23 AM.
Package httpd-2.4.57-5.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

Step 3: Start and enable the Apache services by using the below command

[root@linuxhelp ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
[root@linuxhelp ~]# systemctl start httpd

Step 4: Check the status of Apache service by using the below command

[root@linuxhelp ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
     Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; preset: disabled)
     Active: active (running) since Wed 2024-04-17 04:30:33 IST; 17s ago
       Docs: man:httpd.service(8)
   Main PID: 90881 (httpd)
     Status: "Total requests: 0; Idle/Busy workers 100/0;Requests/sec: 0; Bytes served/sec:   0 B/sec"
      Tasks: 214 (limit: 22833)
     Memory: 34.8M
        CPU: 400ms
     CGroup: /system.slice/httpd.service
             ├─90881 /usr/sbin/httpd -DFOREGROUND
             ├─90882 /usr/sbin/httpd -DFOREGROUND
             ├─90883 /usr/sbin/httpd -DFOREGROUND
             ├─90887 /usr/sbin/httpd -DFOREGROUND
             ├─90889 /usr/sbin/httpd -DFOREGROUND
             └─90890 /usr/sbin/httpd -DFOREGROUND

Apr 17 04:30:33 linuxhelp systemd[1]: Starting The Apache HTTP Server...
Apr 17 04:30:33 linuxhelp httpd[90881]: AH00558: httpd: Could not reliably determine the server's fully qualifi>
Apr 17 04:30:33 linuxhelp systemd[1]: Started The Apache HTTP Server.
Apr 17 04:30:33 linuxhelp httpd[90881]: Server configured, listening on: port 443, port 80

Step 5: Allow Apache services on Firewall by using the below command

[root@linuxhelp ~]# firewall-cmd --add-service=http --permanent
success
[root@linuxhelp ~]# firewall-cmd --add-service=https --permanent
success

Step 6: Reload the Firewall by using the below command

[root@linuxhelp ~]# firewall-cmd --reload
success

Step 7: Install mod_ssl by using the below command

[root@linuxhelp ~]# dnf install mod_ssl -y
Last metadata expiration check: 0:31:21 ago on Wednesday 17 April 2024 04:01:23 AM.
Package mod_ssl-1:2.4.57-5.el9.x86_64 is already installed.
Dependencies resolved.
Nothing to do.
Complete!

Step 8: Create the SSL key and certificate by using the below command

[root@linuxhelp ~]# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/private/apache-selfsigned.key -out /etc/pki/tls/certs/apache-selfsigned.crt
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:CHENNAI
Organization Name (eg, company) [Default Company Ltd]:ABC
Organizational Unit Name (eg, section) []:XYZ
Common Name (eg, your name or your server's hostname) []:192.168.6.130
Email Address []:linuxhelp1@mailinator.com

Step 9: Create a directory in Apache document root location by using the below command

[root@linuxhelp ~]# mkdir /var/www/html/apache

Step 10: Change to the following directory by using the below command

[root@linuxhelp ~]# cd /var/www/html/apache/

Step 11: Create an index.html file here and add some lines to view on the web by using the below command

[root@linuxhelp apache]# vim index.html
<h1> WELCOME TO LINUXHELP.COM </h1>

Step 12: Give the correct ownership to the directory by using the below command

[root@linuxhelp apache]# chown -R apache:apache /var/www/html/apache/

Step 13: Create a new Virtual Host Configuration file by using the below command

[root@linuxhelp apache]# vim /etc/httpd/conf.d/apache.conf
<VirtualHost *:443>
    ServerName linuxhelp1.com
    DocumentRoot /var/www/html/apache
    SSLEngine on
    SSLCertificateFile /etc/pki/tls/certs/apache-selfsigned.crt
    SSLCertificateKeyFile /etc/pki/tls/private/apache-selfsigned.key
</VirtualHost>

Step 14: Create a new host entry by using the below command

[root@linuxhelp apache]# vim /etc/hosts
192.168.6.130   linuxhelp1.com

Step 15: Finally restart the Apache service to apply all changes by using the below command

[root@linuxhelp apache]# systemctl restart httpd

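Step 16: Go to the browser and search for your domain as shown in the image below

Step 17: Click Advanced and then click Accept the Risk and Continue as shown in the images below. The browser shows this warning because the certificate is self-signed rather than issued by a certificate authority it trusts.

The domain now opens with a padlock icon.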

Now we can view our certificate details by clicking the padlock icon.
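
The certificate from Step 8 puts the server IP in the Common Name and carries no subjectAltName, while the virtual host in Step 13 answers as linuxhelp1.com; current browsers match the name against subjectAltName only. The script below is an added example, not part of the original article: it builds a Step 8 style certificate and one with a subjectAltName in a temporary directory and checks each against the article's hostname and IP. The function names and the temporary directory are assumptions.

```shell
#!/bin/sh
# Added example; function names and the temp directory are assumptions.

# Self-signed cert as in Step 8, with the prompts answered through -subj.
# $1=key $2=cert $3=CN $4=optional subjectAltName value
make_cert() {
    key=$1; crt=$2; cn=$3; san=${4:-}
    set -- req -x509 -nodes -days 365 -newkey rsa:2048 \
        -keyout "$key" -out "$crt" \
        -subj "/C=IN/ST=TN/L=CHENNAI/O=ABC/OU=XYZ/CN=$cn"
    if [ -n "$san" ]; then set -- "$@" -addext "subjectAltName=$san"; fi
    openssl "$@" 2>/dev/null
}

# Succeed if certificate $1 is valid for DNS name / IP address $2.
cert_covers_host() { openssl x509 -in "$1" -noout -checkhost "$2" | grep -q 'does match'; }
cert_covers_ip()   { openssl x509 -in "$1" -noout -checkip "$2" | grep -q 'does match'; }

# Succeed if private key $1 and certificate $2 carry the same public key.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]
}

# $1=key $2=cert $3=hostname $4=IP; prints findings, returns 1 if any.
audit_cert() {
    rc=0
    key_matches_cert "$1" "$2" || { echo "key does not match certificate"; rc=1; }
    cert_covers_host "$2" "$3" || { echo "certificate not valid for host $3"; rc=1; }
    cert_covers_ip "$2" "$4" || { echo "certificate not valid for IP $4"; rc=1; }
    if [ "$rc" -eq 0 ]; then echo "ok"; fi
    return "$rc"
}

# Demo with the article's values: Step 8 style cert vs. one with a SAN.
demo() {
    d=$(mktemp -d) || return 1
    make_cert "$d/step8.key" "$d/step8.crt" 192.168.6.130
    make_cert "$d/san.key" "$d/san.crt" linuxhelp1.com \
        "DNS:linuxhelp1.com,IP:192.168.6.130"
    for c in step8 san; do
        echo "== $c.crt"
        audit_cert "$d/$c.key" "$d/$c.crt" linuxhelp1.com 192.168.6.130 || true
    done
    rm -rf "$d"
}
demo
```

To apply the same checks to the files from Step 8, run audit_cert with /etc/pki/tls/private/apache-selfsigned.key, /etc/pki/tls/certs/apache-selfsigned.crt, linuxhelp1.com and 192.168.6.130 as arguments.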

Conclusion:

We have reached the end of this article. In this guide, we have walked you through the steps required to install and configure OpenSSL for Apache on Rocky Linux 9.3. Your feedback is most welcome.

FAQ

Q: Can I use Let's Encrypt SSL certificates with Apache?
A: Yes, Let's Encrypt provides free SSL certificates that can be easily installed and managed with the Certbot tool. Follow the Certbot documentation for instructions specific to your operating system and web server.

Q: Is OpenSSL free?
A: OpenSSL is licensed under Apache and free to get and use.

Q: How can I verify SSL/TLS encryption in Apache?
A: Access your website using HTTPS (e.g., https://yourdomain.com) in a browser. Look for a padlock icon in the address bar to indicate a secure connection.

Q: How do I enable SSL/TLS encryption in Apache?
A: Run sudo dnf install mod_ssl to enable the SSL module, then sudo a2enmod ssl to activate it. Configure SSL/TLS certificates in /etc/httpd/conf.d/ssl.conf.

Q: What is OpenSSL, and why is it important for Apache?
A: OpenSSL is an open-source toolkit that implements the SSL and TLS protocols, essential for secure communication over computer networks. As a popular web server, Apache often requires OpenSSL to enable HTTPS encryption, ensuring secure data transmission between the server and clients.