@igorparrabastias
Last active August 29, 2015 13:56
Creating a secure server on CentOS (5.x, 6.x)
# GENERATE A SELF-SIGNED CERTIFICATE
# Important: become root temporarily for these steps
su -
# Create all the files in this directory and never delete them, to avoid problems with SELinux
mkdir ~/securing-server
cd ~/securing-server
# Install the required software
yum install mod_ssl openssl
# Generate the private key
openssl genrsa -out ca.key 2048
# Generate the CSR (Certificate Signing Request)
openssl req -new -key ca.key -out ca.csr
# Generate the self-signed certificate from the CSR and the key
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
# Copy to their respective locations (on CentOS). Do not move them, to avoid problems with SELinux
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
# CONFIGURE VIRTUALHOSTS
# Starting from this host
<VirtualHost *:80>
<Directory /var/www/vhosts/yoursite.com/httpdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpdocs
ServerName yoursite.com
ErrorLog /var/log/yoursite.com.error.log
CustomLog /var/log/yoursite.com.access.log common
</VirtualHost>
# Add the secure version like this:
NameVirtualHost *:443
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
<Directory /var/www/vhosts/yoursite.com/httpsdocs>
AllowOverride All
</Directory>
DocumentRoot /var/www/vhosts/yoursite.com/httpsdocs
ServerName yoursite.com
ErrorLog /var/log/yoursite.com.error.log
CustomLog /var/log/yoursite.com.access.log common
</VirtualHost>
# Restart
/etc/init.d/httpd restart
# FIREWALL
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
/sbin/service iptables save
iptables -L -v
### ref: http://wiki.centos.org/HowTos/Https
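A check worth running between the cp step and the httpd restart: this is an added example, not part of the gist, and assumes openssl on PATH and an RSA key as produced by genrsa above; the key/cert paths and the expiry window are arguments (the CentOS paths from the steps above are shown in the usage comment).

```shell
#!/bin/sh
# Added example (not part of the gist): sanity-check the key/cert pair before
# pointing SSLCertificateFile / SSLCertificateKeyFile at it.
# Assumes: openssl on PATH, an RSA key as produced by "openssl genrsa".

# The private key must exist and must not be readable by group or other.
key_perms_ok() {
  [ -f "$1" ] || return 1
  case "$(ls -l "$1" | cut -c5-10)" in
    ------) return 0 ;;
    *)      return 1 ;;
  esac
}

# The certificate must carry the public half of this exact private key;
# otherwise httpd refuses to start with a key/cert mismatch.
key_matches_cert() {
  pub_from_key=$(openssl rsa -in "$1" -pubout 2>/dev/null) || return 1
  pub_from_crt=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 1
  [ -n "$pub_from_key" ] && [ "$pub_from_key" = "$pub_from_crt" ]
}

# Run all checks; report every failure, return 1 if any check failed.
# $1 = private key, $2 = certificate, $3 = days of validity required (default 30)
check_tls_material() {
  key=$1
  cert=$2
  days=${3:-30}
  rc=0
  if ! key_perms_ok "$key"; then
    echo "FAIL: $key missing or readable by group/other (chmod 600 it)" >&2; rc=1
  fi
  if ! key_matches_cert "$key" "$cert"; then
    echo "FAIL: public key in $cert does not match $key" >&2; rc=1
  fi
  # -checkend N succeeds only if the cert is still valid N seconds from now
  if ! openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null 2>&1; then
    echo "FAIL: $cert is expired or expires within $days days" >&2; rc=1
  fi
  [ "$rc" -eq 0 ] && echo "OK: $key / $cert"
  return "$rc"
}

# Usage: sh check-tls.sh /etc/pki/tls/private/ca.key /etc/pki/tls/certs/ca.crt [days]
if [ $# -ge 2 ]; then
  check_tls_material "$@"
fi
```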