How to Install mod_ssl and SSL certificate on Oracle Linux
To Install mod_ssl and ssl certificate on Oracle Linux
Introduction :
A mod SSL library implements the SSL and TLS protocols to provide secure network communication. It may also support SSL v3 and TLS v1.x for Apache HTTP Server. This function implements cryptographic functions and provides utility functions.
Installation steps :
Step 1 : check the version of the OS
[root@linuxhelp ~]# cat /etc/os-release
NAME="Oracle Linux Server"
VERSION="8.4"
ID="ol"
ID_LIKE="fedora"
VARIANT="Server"
VARIANT_ID="server"
VERSION_ID="8.4"
PLATFORM_ID="platform:el8"
PRETTY_NAME="Oracle Linux Server 8.4"
ANSI_COLOR="0;31"
Step 2 : Install the Apache
[root@linuxhelp ~]# yum install httpd*
Last metadata expiration check: 0:02:46 ago on Saturday 11 December 2021 02:05:10 AM IST.
Dependencies resolved.
============================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================
Installing:
httpd x86_64 2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9 ol8_appstream 1.4 M
httpd-devel x86_64 2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9 ol8_appstream 222 k
httpd-filesystem noarch 2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9 ol8_appstream 40 k
httpd-manual noarch 2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9 ol8_appstream 2.4 M
httpd-tools x86_64 2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9 ol8_appstream 107 k
Installing dependencies:
apr x86_64 1.6.3-12.el8 ol8_appstream 129 k
apr-devel x86_64 1.6.3-12.el8 ol8_appstream 246 k
apr-util x86_64 1.6.1-6.el8 ol8_appstream 105 k
apr-util-devel x86_64 1.6.1-6.el8 ol8_appstream 86 k
cyrus-sasl-devel x86_64 2.1.27-5.el8 ol8_baseos_latest 128 k
expat-devel x86_64 2.2.5-4.el8 ol8_baseos_latest 55 k
httpd-tools-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64 libdb-devel-5.3.28-40.el8.x86_64
mod_http2-1.15.7-3.module+el8.4.0+20024+b87b2deb.x86_64 openldap-devel-2.4.46-16.el8.x86_64
oracle-logos-httpd-84.5-1.0.1.el8.noarch
Complete!
Step 3 : Installing mod_ssl
[root@linuxhelp ~]# yum install mod_ssl
Last metadata expiration check: 0:05:15 ago on Saturday 11 December 2021 02:05:10 AM IST.
Dependencies resolved.
============================================================================================================================================
Package Architecture Version Repository Size
============================================================================================================================================
Installing:
mod_ssl x86_64 1:2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9 ol8_appstream 136 k
Transaction Summary
============================================================================================================================================
Install 1 Package
Total download size: 136 k
Installed size: 266 k
Is this ok [y/N]: y
Downloading Packages:
mod_ssl-2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64.rpm 790 kB/s | 136 kB 00:00
--------------------------------------------------------------------------------------------------------------------------------------------
Total 750 kB/s | 136 kB 00:00
Running transaction check
Transaction check succeeded.
Running transaction test
Installed:
mod_ssl-1:2.4.37-43.0.1.module+el8.5.0+20426+404a9eb9.x86_64
Complete!
Step 4 : Restart httpd service
[root@linuxhelp ~]# systemctl start httpd
Step 5 : Enable httpd service
[root@linuxhelp ~]# systemctl enable httpd
Created symlink /etc/systemd/system/multi-user.target.wants/httpd.service → /usr/lib/systemd/system/httpd.service.
Step 6 : check the status of httpd
[root@linuxhelp ~]# systemctl status httpd
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Sat 2021-12-11 02:11:57 IST; 20s ago
Docs: man:httpd.service(8)
Main PID: 34724 (httpd)
Status: "Running, listening on: port 443, port 80"
Tasks: 213 (limit: 10509)
Memory: 25.4M
CGroup: /system.slice/httpd.service
├─34724 /usr/sbin/httpd -DFOREGROUND
├─34731 /usr/sbin/httpd -DFOREGROUND
├─34732 /usr/sbin/httpd –DFOREGROUND
(check the ssl status)
Step 7 : check the ssl status
[root@linuxhelp ~]# apachectl -M |grep ssl
AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using fe80::20c:29ff:feb9:ab7e. Set the 'ServerName' directive globally to suppress this message
ssl_module (shared)
step 8 : generate the ssl certificates
[root@linuxhelp ~]# openssl req -newkey rsa:2048 -nodes -keyout /keys/linuxhelp.key -x509 -days 365 -out /keys/linuxhelp.crt
Generating a RSA private key
.+++++
....................................+++++
writing new private key to '/keys/linuxhelp.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:in
State or Province Name (full name) []:
Locality Name (eg, city) [Default City]:
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:
Email Address []:
Step 9 : To change the directory
[root@linuxhelp ~]# cd /keys/
Step 10 : To list the files
[root@linuxhelp keys]# ll
total 8
-rw-r--r-- 1 root root 1237 Dec 11 07:02 linuxhelp.crt
-rw------- 1 root root 1704 Dec 11 07:01 linuxhelp.key
Step 11 : Edit the ssl certificate path
[root@linuxhelp keys]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /keys/linuxhelp.crt
SSLCertificateKeyFile /keys/linuxhelp.key
Step 12 : create a Redirect file append following lines
[root@linuxhelp ~]# vim /etc/httpd/conf.d/redirect_http.conf
<VirtualHost _default_:80>
Servername linuxhelp
Redirect permanent / https://linuxhelp
</VirtualHost>
Step 13 : Restart the httpd service
[root@linuxhelp ~]# systemctl restart httpd
(check the ssl status)
With this Installation of mod_ssl and SSL certificate on Oracle Linux comes to an end.
Q
Is it possible to use one SSL certificate for multiple domains on the same server?
A
Yes, it is possible to use one SSL certificate for multiple domains on the same server.
Q
What is MDC in SSL?
A
Multi-Domain SSL Certificates allow you to secure as many as 1000 domains with one certificate.
Q
What is EV SSL?
A
EV SSL stands for Extended Validation certificates.
Q
How many types of SSL certificates are available?
A
There are six main types of certificates available.
Q
How do SSL certificates work?
A
It uses encryption algorithms to scramble data in transit, which prevents hackers from reading it as it is sent over the connection.