Apache Configuration for HTTPS Protocol

This section provides a tutorial example on how to install Web server certificates and configure Apache HTTP Server to support the HTTPS protocol.

If you have obtained your Web server certificate, associated private key, and CA certificates, you are ready to follow this tutorial to configure your Apache HTTP Server on a CentOS 8 system to support the HTTPS protocol.

1. Bundle CA certificates into a single CA certificate chain file. This can be done by concatenating CA certificates in PEM format into a single file. For example:

herong$ cat intermediate-ca-cert.pem root-ca-cert.pem > ca-chain-cert.pem

herong$ more ca-chain-cert.pem
-----BEGIN CERTIFICATE-----
MIIOQjCCDSqgAwIBAgIQD00WsSXPnIao38PGBD5icDANBgkqhkiG9w0BAQsFADBw
...
cPUeybQ=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEsTCCA5mgAwIBAgIQBOHnpNxc8vNtwCtCuF0VnzANBgkqhkiG9w0BAQsFADBs
...
ykn9M6o+

2. Install Web server certificate, associated private key, and CA certificates under the system directory /etc/pki/tls.

herong$ sudo cp herongyang-key.pem /etc/pki/tls/private/
herong$ sudo cp herongyang-cert.pem /etc/pki/tls/certs/
herong$ sudo cp ca-chain-cert.pem /etc/pki/tls/certs/

3. Set SELinux context properties on certificate and key files. This is to ensure that the Web server program can access these files.

herong$ sudo chcon -u system_u /etc/pki/tls/certs/herongyang-cert.pem
herong$ sudo chcon -u system_u /etc/pki/tls/certs/ca-chain-cert.pem

herong$ ls -lZ /etc/pki/tls/certs/
-r--r--r--. 1 root root system_u:object_r:cert_t:s0    herongyang-cert.pem
-r--r--r--. 1 root root system_u:object_r:cert_t:s0    ca-chain-cert.pem

herong$ sudo chcon -u system_u /etc/pki/tls/private/herongyang-key.pem

herong$ ls -lZ /etc/pki/tls/private/
-r--------. 1 root root system_u:object_r:cert_t:s0    herongyang-key.pem

4. Verify "IncludeOptional" setting in Apache HTTP Server configuration file httpd.conf. The output shows that httpd.conf is extended to include all *.conf files in the /etc/httpd/conf.d directory.

herong$ sudo grep -i -r "IncludeOptional" /etc/httpd/
  /etc/httpd/conf/httpd.conf:IncludeOptional conf.d/*.conf

herong$ sudo ls -l /etc/httpd/conf.d
  -rw-r--r--. 1 root root 2926 Mar 12 2021 autoindex.conf
  -rw-r--r--. 1 root root 1618 May  7 2020 php.conf
  -rw-r--r--. 1 root root  400 Nov 12 2021 README
  -rw-r--r--. 1 root root  481 Nov 12 2021 ssl.conf
  -rw-r--r--. 1 root root 1252 Nov 12 2021 userdir.conf
  -rw-r--r--. 1 root root  574 Nov 12 2021 welcome.conf

5. Select an HTTPS support option, for example, supporting HTTPS with HTTP connections automatically redirected to HTTPS. This requires configuring 2 virtual hosts, one for HTTP and one for HTTPS. Add the "Redirect" directive in the HTTP virtual host to forward connections to the HTTPS virtual host.

6. Update the ssl.conf file based on the HTTPS support option. If it does not exist, add it.

herong$ sudo vi /etc/httpd/conf.d/ssl.conf

Listen 443
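# NameVirtualHost is deprecated and has no effect in Apache 2.4, so it is omitted;
# name-based virtual hosts work without it.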
<VirtualHost *:80>
  ServerName www.herongyang.com:80
  Redirect permanent / https://www.herongyang.com/
</VirtualHost>

<VirtualHost www.herongyang.com:443>
  DocumentRoot /var/www/html
  ServerName www.herongyang.com:443
  SSLEngine on
  SSLCertificateFile /etc/pki/tls/certs/herongyang-cert.pem
  SSLCertificateKeyFile /etc/pki/tls/private/herongyang-key.pem
  SSLCertificateChainFile /etc/pki/tls/certs/ca-chain-cert.pem
</VirtualHost>

7. Install mod_ssl package.

herong$ sudo dnf install mod_ssl

Installed:
  mod_ssl-1:2.4.37-43.module_el8.5.0+1022+b541f3b1.x86_64

8. Restart the Apache HTTP Server. You need to enter the pass phrase that protects your server private key. If this is a problem, you can remove the password protection from the private key file.

herong$ sudo apachectl restart
  Enter private key pass phrase: ********

9. Open firewall for 443/tcp connections.

herong$ sudo firewall-cmd --zone=public --add-service=https
herong$ sudo firewall-cmd --runtime-to-permanent

That's it. Users can now access http://www.herongyang.com, get redirected to https://www.herongyang.com and enjoy secure connections.
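
Before restarting Apache, it helps to confirm that the three files named in ssl.conf actually fit together: the key belongs to the certificate, the chain file verifies the certificate, and the key file is not readable by group or other. The script below is an added example, not part of the original tutorial; its function names and the throwaway demo PKI are constructed, and it assumes the openssl command is installed.

```bash
#!/usr/bin/env bash
# Pre-flight checks for the files that ssl.conf points at (added example).
# Function names and the demo PKI are constructed; pass the real paths in use.

# 0 if the private key belongs to the certificate (same public key).
key_matches_cert() {    # $1 = certificate, $2 = private key
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
  [ "$cert_pub" = "$key_pub" ]
}

# 0 if the chain file builds a trust path for the certificate.
# -no-CApath: do not also search the system CA directory.
chain_verifies_cert() { # $1 = certificate, $2 = CA chain file
  openssl verify -no-CApath -CAfile "$2" "$1" >/dev/null 2>&1
}

# 0 if the key file grants nothing to group or other (mode 400 or 600).
key_is_private() {      # $1 = private key
  [ -f "$1" ] && [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Constructed sample input: a throwaway root CA, a server key and certificate
# signed by it, and an unrelated key, all written to directory $1.
make_demo_pki() {
  openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo Root CA" \
    -keyout "$1/root-key.pem" -out "$1/ca-chain-cert.pem" 2>/dev/null &&
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/server-key.pem" -out "$1/server.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/server.csr" -days 1 -CAcreateserial \
    -CA "$1/ca-chain-cert.pem" -CAkey "$1/root-key.pem" \
    -out "$1/server-cert.pem" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other-key.pem" 2>/dev/null &&
  chmod 400 "$1/server-key.pem" && chmod 644 "$1/other-key.pem"
}

demo() {
  dir=$(mktemp -d) && make_demo_pki "$dir" || return 1
  key_matches_cert "$dir/server-cert.pem" "$dir/server-key.pem" && echo "key/cert: match"
  chain_verifies_cert "$dir/server-cert.pem" "$dir/ca-chain-cert.pem" && echo "chain: ok"
  key_is_private "$dir/server-key.pem" && echo "key mode: ok"
  key_matches_cert "$dir/server-cert.pem" "$dir/other-key.pem" || echo "wrong key: rejected"
  rm -rf "$dir"
}
demo
```

For the real deployment, call the three functions as root with /etc/pki/tls/certs/herongyang-cert.pem, /etc/pki/tls/private/herongyang-key.pem and /etc/pki/tls/certs/ca-chain-cert.pem. openssl asks for the pass phrase when the key is protected by one.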
