openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:keysize -out file
If an encrypted key is desired, use the -aes-256-cbc option.
openssl req -new -sha256 -key private_key -out filename
openssl req -key private_key -x509 -new -days days -out filename
You can combine the above command in OpenSSL into a single command which might be convenient in some cases:
openssl req -x509 -newkey rsa:4096 -days days -keyout key_filename -out cert_filename
In /etc/httpd/conf/httpd.conf
, uncomment the following three lines:
LoadModule ssl_module modules/mod_ssl.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Include conf/extra/httpd-ssl.conf
After obtaining a key and certificate, make sure the SSLCertificateFile
and SSLCertificateKeyFile
lines in /etc/httpd/conf/extra/httpd-ssl.conf
point to the key and certificate.
/etc/httpd/conf/httpd.conf
and /etc/httpd/conf/extra/httpd-ssl.conf
had a Listen 443
or Listen 80
then comment it out because if 2 file share Listen 443
then it will return an error.
Change the DocumentRoot
to your corresponsing server folder and change the ServerName
to what ever you like
In /etc/httpd/conf/extra/httpd-vhosts.conf
and do the following basic changes:
<VirtualHost *:80>
ServerAdmin [your made up name]@[your made up domain name]
DocumentRoot "[your website folder]"
ServerName [your server name]
ServerAlias [your server name]
ErrorLog "/var/log/httpd/domainname1.dom-error_log"
CustomLog "/var/log/httpd/domainname1.dom-access_log" common
<Directory "[your website folder]">
Require all granted
</Directory>
</VirtualHost>
<VirtualHost *:443>
ServerAdmin [your made up name]@[your made up domain name]
DocumentRoot "[your website folder]"
ServerName [your server name]
ServerAlias [your server name]
SSLEngine on
SSLCertificateFile "/etc/httpd/conf/[your certificate file].crt"
SSLCertificateKeyFile "/etc/httpd/conf/[your certificate key].key"
ErrorLog "/var/log/httpd/domainname1.dom-error_log"
CustomLog "/var/log/httpd/domainname1.dom-access_log" common
<Directory "[your website folder]">
Require all granted
</Directory>
</VirtualHost>
Finally, restart httpd.service
to apply any changes.