Showing posts with label OpenSSL. Show all posts

Friday, September 1, 2017

CentOS: Enabling SSL (Doesn't work perfectly)

Command:

# cd /etc/httpd/conf.d/
# diff /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.org


Result:

105,106c105
< #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
< SSLCertificateFile /etc/pki/tls/certs/ca.crt
---
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
113,114c112
< #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
< SSLCertificateKeyFile /etc/pki/tls/private/ca.key
---
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key


Command:

# sudo openssl genrsa -out ca.key 2048


Result:

Generating RSA private key, 2048 bit long modulus
........................................................................................+++
..........+++
e is 65537 (0x10001)


Command:

# sudo openssl req -new -key ca.key -out ca.csr


Result:

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]: US
State or Province Name (full name) []: SOMEWHERE1
Locality Name (eg, city) [Default City]: SOMEWHERE2
Organization Name (eg, company) [Default Company Ltd]:
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []: www.myserver.com
Email Address []:admin@myserver.com

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []: PASSWORD
An optional company name []:


Command:

# sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt


Result:

Signature ok
subject=/C=US/ST=SOMEWHERE1/L=SOMEWHERE2/O=Default Company Ltd/CN=www.myserver.com/emailAddress=admin@myserver.com
Getting Private key


Command:

# sudo cp ca.crt /etc/pki/tls/certs
# sudo cp ca.key /etc/pki/tls/private/ca.key
# sudo cp ca.csr /etc/pki/tls/private/ca.csr
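
The key, CSR and self-signed certificate steps above can be run non-interactively and checked before the files are copied under /etc/pki/tls. This is an added example, not part of the original post; it works in a scratch directory, and the function names, the shortened `-subj` value and the explicit `-sha256` are choices made here.

```shell
#!/bin/sh
# Added example: the genrsa / req / x509 steps, run without prompts in a
# scratch directory, plus checks to make before Apache uses the files.

make_selfsigned() (        # $1 = output dir, $2 = hostname for the CN
    umask 077              # key, CSR and certificate are created owner-only
    cd "$1" || exit 1
    openssl genrsa -out ca.key 2048 2>/dev/null &&
    openssl req -new -sha256 -key ca.key -out ca.csr \
        -subj "/C=US/O=Default Company Ltd/CN=$2" 2>/dev/null &&
    openssl x509 -req -sha256 -days 365 -in ca.csr \
        -signkey ca.key -out ca.crt 2>/dev/null
)

modulus_of() {             # $1 = x509 | rsa, $2 = file
    openssl "$1" -noout -modulus -in "$2" 2>/dev/null
}

cert_matches_key() {       # 0 only when both parse and the moduli are equal
    c=$(modulus_of x509 "$1") && k=$(modulus_of rsa "$2") &&
        [ -n "$c" ] && [ "$c" = "$k" ]
}

is_self_signed() {         # issuer equals subject: no CA vouches for it
    i=$(openssl x509 -noout -issuer  -in "$1" | sed 's/^issuer= *//')
    s=$(openssl x509 -noout -subject -in "$1" | sed 's/^subject= *//')
    [ -n "$i" ] && [ "$i" = "$s" ]
}

key_is_owner_only() {      # no group/other permission bits on the key file
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

main() {
    dir=$(mktemp -d) || return 1
    make_selfsigned "$dir" www.myserver.com || return 1
    cert_matches_key "$dir/ca.crt" "$dir/ca.key" && echo "cert and key match"
    is_self_signed "$dir/ca.crt" && echo "self-signed: clients will not trust it"
    key_is_owner_only "$dir/ca.key" && echo "key is owner-only"
    rm -rf "$dir"
}

main
```

Only ca.crt and ca.key are needed by the `SSLCertificateFile` and `SSLCertificateKeyFile` lines; the CSR does not have to be copied anywhere.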


Command:

# diff /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.org


Result:

105,106c105
< #SSLCertificateFile /etc/pki/tls/certs/localhost.crt
< SSLCertificateFile /etc/pki/tls/certs/ca.crt
---
> SSLCertificateFile /etc/pki/tls/certs/localhost.crt
113,114c112
< #SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
< SSLCertificateKeyFile /etc/pki/tls/private/ca.key
---
> SSLCertificateKeyFile /etc/pki/tls/private/localhost.key


Command:

# apachectl restart


Result:

[Fri Sep 01 05:21:33 2017] [warn] module ssl_module is already loaded, skipping


Command:

# sudo mkdir -p /var/www/html/ssl
# sudo mkdir -p /etc/httpd/sites-available
# sudo mkdir -p /etc/httpd/sites-enabled

# apachectl restart
# vi httpd.conf
# diff httpd.conf httpd.conf.bkup20170901


Result:

217d216
< #LoadModule ssl_module modules/mod_ssl.so
1012,1021d1010
<
< #Listen 443
< #<VirtualHost *:443>
< # ServerName www.myserver.com
< # SSLEngine on
< # SSLCertificateFile "/path/to/www.example.com.cert"
< # SSLCertificateKeyFile "/path/to/www.example.com.key"
< #</VirtualHost>
<
< IncludeOptional sites-enabled/*.conf
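
Review bot: `IncludeOptional sites-enabled/*.conf` in the last `<` line is only available in httpd 2.3.6 and later, and the mod_ssl package installed on this host is 2.2.15, so the server will refuse to start with it. On 2.2 use `Include sites-enabled/*.conf`, and run `apachectl configtest` before restarting.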


Command:

# cat ssl.conf


Result:

<VirtualHost *:443>
ServerAdmin admin@myserver.com
DocumentRoot "/var/www/html/ssl/"
ServerName Myserver
ServerAlias myserver
ErrorLog /var/www/html/ssl/error.log

<Directory "/var/www/html/ssl/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>


Command:

# sudo ln -s /etc/httpd/sites-available/ssl.conf /etc/httpd/sites-enabled/ssl.conf
# apachectl restart


Result:

apachectl: Configuration syntax error, will not run "restart":
Syntax error on line 1021 of /etc/httpd/conf/httpd.conf:
Invalid command 'IncludeOptional', perhaps misspelled or defined by a module not included in the server configuration


Command:

# diff httpd.conf httpd.conf.bkup20170901


Result:

217d216
< #LoadModule ssl_module modules/mod_ssl.so
1012,1021d1010
<
< #Listen 443
< #<VirtualHost *:443>
< # ServerName www.myserver.com
< # SSLEngine on
< # SSLCertificateFile "/path/to/www.example.com.cert"
< # SSLCertificateKeyFile "/path/to/www.example.com.key"
< #</VirtualHost>
<
< Include sites-enabled/
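
Review bot: `Include sites-enabled/` in the last `<` line pulls in every file in that directory, so an editor backup or a half-written file left there is parsed as configuration. Narrow it to `Include sites-enabled/*.conf`, which httpd 2.2 accepts.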


Command:

# apachectl restart


Result:

[Fri Sep 01 05:42:50 2017] [warn] _default_ VirtualHost overlap on port 443, the first has precedence
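
The failed and warned restarts above trace back to things visible in the files themselves: `IncludeOptional` and `Require all granted` are httpd 2.4 syntax while this host runs 2.2.15, and the new `*:443` vhost has no `SSLEngine on` and writes its error log under the document root, a path clients can request. An added example (not part of the original post) that flags these; the function names and finding strings are made up here, and the input is reconstructed from the configuration shown in this post.

```shell
#!/bin/sh
# Added example: lint for the problems this post runs into on httpd 2.2.
# Reads a config from stdin, or from the file(s) given as arguments.

lint_vhost() {
    awk '
    function val(s) { sub(/^[^ \t]+[ \t]+/, "", s); gsub(/"/, "", s); return s }
    { sub(/^[ \t]+/, ""); low = tolower($0) }
    /^#/ || /^$/ { next }
    low ~ /^includeoptional / || low ~ /^require all (granted|denied)/ {
        print "line " NR ": needs httpd 2.4: " $0 }
    low ~ /^<virtualhost .*:443>/ { in443 = 1; ssl = 0; root = ""; elog = "" }
    in443 && low ~ /^sslengine +on/ { ssl = 1 }
    in443 && low ~ /^documentroot / { root = val($0) }
    in443 && low ~ /^errorlog /     { elog = val($0) }
    in443 && low ~ /^<\/virtualhost>/ {
        if (!ssl) print "vhost on :443 has no SSLEngine on"
        if (root != "" && index(elog, root) == 1)
            print "ErrorLog is inside DocumentRoot: " elog
        in443 = 0 }
    ' "$@"
}

# Constructed input: the IncludeOptional line from httpd.conf followed by
# the sites-available/ssl.conf shown in this post (blank line dropped).
sample_conf() {
    cat <<'EOF'
IncludeOptional sites-enabled/*.conf
<VirtualHost *:443>
ServerAdmin admin@myserver.com
DocumentRoot "/var/www/html/ssl/"
ServerName Myserver
ServerAlias myserver
ErrorLog /var/www/html/ssl/error.log
<Directory "/var/www/html/ssl/">
DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
</VirtualHost>
EOF
}

sample_conf | lint_vhost
```

On httpd 2.2 the access rule is written as `Order allow,deny` followed by `Allow from all` instead of `Require all granted`.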


Reference:

http://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/

CentOS: Installing mod_ssl & openssl

Command:

# sudo yum install mod_ssl openssl


Result:

Loaded plugins: fastestmirror, security
Loading mirror speeds from cached hostfile
epel/metalink                                                                                                                             | 5.4 kB     00:00    
 * base: ftp.tsukuba.wide.ad.jp
 * epel: ftp.riken.jp
 * extras: ftp.tsukuba.wide.ad.jp
 * updates: ftp.tsukuba.wide.ad.jp
base                                                                                                                                      | 3.7 kB     00:00    
cr                                                                                                                                        | 2.9 kB     00:00    
epel                                                                                                                                      | 4.3 kB     00:00    
epel/primary_db                                                                                                                           | 5.9 MB     00:00    
extras                                                                                                                                    | 3.4 kB     00:00    
updates                                                                                                                                   | 3.4 kB     00:00    
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.x86_64 1:2.2.15-60.el6.centos.5 will be installed
---> Package openssl.x86_64 0:1.0.1e-16.el6_5.14 will be updated
---> Package openssl.x86_64 0:1.0.1e-57.el6 will be an update
--> Finished Dependency Resolution

Dependencies Resolved

=================================================================================================================================================================
 Package                           Arch                             Version                                              Repository                         Size
=================================================================================================================================================================
Installing:
 mod_ssl                           x86_64                           1:2.2.15-60.el6.centos.5                             updates                            98 k
Updating:
 openssl                           x86_64                           1.0.1e-57.el6                                        base                              1.5 M

Transaction Summary
=================================================================================================================================================================
Install       1 Package(s)
Upgrade       1 Package(s)

Total download size: 1.6 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): mod_ssl-2.2.15-60.el6.centos.5.x86_64.rpm                                                                                          |  98 kB     00:00    
(2/2): openssl-1.0.1e-57.el6.x86_64.rpm                                                                                                   | 1.5 MB     00:00    
-----------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                             16 MB/s | 1.6 MB     00:00    
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating   : openssl-1.0.1e-57.el6.x86_64                                                                                                                  1/3
  Installing : 1:mod_ssl-2.2.15-60.el6.centos.5.x86_64                                                                                                       2/3
  Cleanup    : openssl-1.0.1e-16.el6_5.14.x86_64                                                                                                             3/3
  Verifying  : openssl-1.0.1e-57.el6.x86_64                                                                                                                  1/3
  Verifying  : 1:mod_ssl-2.2.15-60.el6.centos.5.x86_64                                                                                                       2/3
  Verifying  : openssl-1.0.1e-16.el6_5.14.x86_64                                                                                                             3/3

Installed:
  mod_ssl.x86_64 1:2.2.15-60.el6.centos.5                                                                                                                      

Updated:
  openssl.x86_64 0:1.0.1e-57.el6                                                                                                                                

Complete!

Monday, July 31, 2017

macOS Sierra: Fixing Compile Error ‘openssl/sha.h’ file not found

Command:

cd /usr/local/include
ln -s ../opt/openssl/include/openssl .

Monday, July 18, 2016

CentOS: Installing OpenSSH Server

Command:

# yum -y install openssh-server

Result:

Failed to set locale, defaulting to C
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.jaist.ac.jp
* extras: ftp.jaist.ac.jp
* updates: ftp.jaist.ac.jp
Package openssh-server-6.6.1p1-25.el7_2.x86_64 already installed and latest version
Nothing to do