mod_sslmodule provides SSL v3 and TLS v1.x support for the Apache HTTP Server. This article provides you with a basic step by step
mod_sslconfiguration on RHEL 8 Linux server with
In this tutorial you will learn:
- How to install
- How to enable
- How to create a self-signed certificate
- How to include existing SSL certificate into
- How to redirect all non-ssl HTTP traffic to HTTPS
Software Requirements and Conventions Used
|Category||Requirements, Conventions or Software Version Used|
|System||Red Hat Enterprise Linux 8|
|Other||Privileged access to your Linux system as root or via the |
|Conventions|| # - requires given linux commands to be executed with root privileges either directly as a root user or by use of |
How to install mod_ssl on RHEL 8 step by step instructions
This article assumes that you have already performed a basic installation and configuration of Apache webserver on your RHEL 8 server.
The first step is to install
# dnf install mod_ssl
In case that you have just installed
mod_ssl, the module may not be enabled yet. To test whether
mod_sslis enabled execute:
# apachectl -M | grep sslIn case you see no output from the above command your
mod_sslis not enabled. To enable the
mod_sslmodule restart your
# systemctl restart httpd # apachectl -M | grep ssl ssl_module (shared)
- Open TCP port 443 to allow incoming traffic with
# firewall-cmd --zone=public --permanent --add-service=https success # firewall-cmd --reload success
At this point you should be able to access your Apache webserver via HTTPS protocol. Navigate your browser to
- Generate SSL certificate.
In case you do not already posses a proper SSL certificates for your server use the below command to generate new self-signed certificate.
For example let's generate a new self-signed certificate for host
rhel8with 365 days expiry:
# openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd.key -x509 -days 365 -out /etc/pki/tls/certs/httpd.crt Generating a RSA private key ................+++++ ..........+++++ writing new private key to '/etc/pki/tls/private/httpd.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:AU State or Province Name (full name) : Locality Name (eg, city) [Default City]: Organization Name (eg, company) [Default Company Ltd]:LinuxConfig.org Organizational Unit Name (eg, section) : Common Name (eg, your name or your server's hostname) :rhel8 Email Address :After successful execution of the above command the following two SSL files will be created:
# ls -l /etc/pki/tls/private/httpd.key /etc/pki/tls/certs/httpd.crt -rw-r--r--. 1 root root 1269 Jan 29 16:05 /etc/pki/tls/certs/httpd.crt -rw-------. 1 root root 1704 Jan 29 16:05 /etc/pki/tls/private/httpd.key
- Configure Apache web-server with new SSL certificates.
To include your newly created SSL certificate into the Apache web-server configuration open the
/etc/httpd/conf.d/ssl.conffile with administrative privileges and change the following lines:
FROM: SSLCertificateFile /etc/pki/tls/certs/localhost.crt SSLCertificateKeyFile /etc/pki/tls/private/localhost.key TO: SSLCertificateFile /etc/pki/tls/certs/httpd.crt SSLCertificateKeyFile /etc/pki/tls/private/httpd.keyOnce ready reload the
# systemctl reload httpd
- Test your
mod_sslconfiguration by navigating the web browser to
- As an optional step redirect all HTTP traffic to HTTPS.
T do so create a new file
/etc/httpd/conf.d/redirect_http.confwith a following content:
To apply the change reload the
<VirtualHost _default_:80> Servername rhel8 Redirect permanent / https://rhel8/ </VirtualHost>
# systemctl reload httpdThe above configuration will redirect any incoming traffic from
https://rhel8URL. For more information about TLS/SSL configuration on RHEL Linux server visit our How to setup SSL/TLS with Apache httpd on Red Hat guide.