Friday, August 7, 2009

Apache: Redirect http to https Apache secure connection – force HTTPS Connections

Let us say you have a website called http://www.sureshkumar.edu and you would like to redirect it to a secure HTTPS connection, i.e. https://www.sureshkumar.edu.

This helps protect user privacy and sensitive information, such as usernames and passwords, while it travels over the network.

So how do you configure your Apache web server to prevent your websites from being accessed without encryption?

Redirect http to https Apache Configuration

First make sure Apache is configured for HTTPS connections and the necessary SSL certificates are installed.

Create an SSL certificate:

[root@www ~]# cd /etc/pki/tls/certs

[root@www certs]# make server.key
umask 77 ; \
/usr/bin/openssl genrsa -des3 1024 > server.key

Generating RSA private key, 1024 bit long modulus
......................................................++++++
.............++++++
e is 65537 (0x10001)
Enter pass phrase: // input pass phrase

Verifying - Enter pass phrase: // verify

[root@www certs]# openssl rsa -in server.key -out server.key

Enter pass phrase for server.key: // input pass phrase

writing RSA key
[root@www certs]#
[root@www certs]# make server.csr

umask 77 ; \
/usr/bin/openssl req -utf8 -new -key server.key -out server.csr

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]: IN
State or Province Name (full name) [Berkshire]: Tamilnadu
Locality Name (eg, city) [Newbury]: Chennai
Organization Name (eg, company) [My Company Ltd]: Server Linux
Organizational Unit Name (eg, section): IT Solution
Common Name (eg, your server's hostname): www.sureshkumar.edu
Email Address: root@sureshkumar.edu

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password: // Enter with empty

An optional company name: // Enter with empty

[root@www certs]# openssl x509 -in server.csr -out server.crt -req -signkey server.key -days 3650
// make CertificateFile

Signature ok
Subject=/C=IN/ST=Tamilnadu/L=Chennai/O=Server Linux/OU=IT Solution/CN=www.sureshkumar.edu/emailAddress=root@sureshkumar.ed
Getting Private Key

[root@www certs]# chmod 400 server.*

Now open /etc/httpd/conf.d/ssl.conf
[root@www certs]# vim /etc/httpd/conf.d/ssl.conf

Append the following lines:
DocumentRoot "/var/www/html"
ServerName www.sureshkumar.edu:443
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/certs/server.key

[root@www certs]# /etc/rc.d/init.d/httpd restart

Now open /etc/httpd/conf/httpd.conf

[root@sureshkumar certs]# vim /etc/httpd/conf/httpd.conf

Append the following line. The first argument to Redirect is a URL path, so / matches every request to the site:
Redirect permanent / https://www.sureshkumar.edu/

Any request made to http://www.sureshkumar.edu will go to https://www.sureshkumar.edu.

Save and close the file. Restart Apache:
# /etc/init.d/httpd restart

Open a web browser and type http://www.sureshkumar.edu
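
A header-level check to run after the restart, as an added example that is not part of the original post: it confirms the HTTP side answers with a 301 to https://www.sureshkumar.edu/ and that the HTTPS side does not redirect again, which happens when a Redirect in the main server configuration is inherited by the SSL virtual host. The function names and the sample responses are constructed for illustration; live use assumes headers fetched with curl -sI.

```shell
#!/bin/sh
# Added example (not from the original post). Live use, with network access:
#   curl -sI  http://www.sureshkumar.edu/  | check_http_redirect www.sureshkumar.edu
#   curl -skI https://www.sureshkumar.edu/ | check_https_served
# (-k because the certificate created above is self-signed)

# Status code from the first line of a header block read on stdin.
status_of() { tr -d '\r' | awk 'NR == 1 { print $2 }'; }

# Value of the Location header; header names are case-insensitive.
location_of() { tr -d '\r' | awk 'tolower($1) == "location:" { print $2; exit }'; }

# check_http_redirect HOST: succeeds only for a 301 to https://HOST/...
check_http_redirect() {
    host=$1
    headers=$(cat)
    status=$(printf '%s\n' "$headers" | status_of)
    location=$(printf '%s\n' "$headers" | location_of)
    [ "$status" = "301" ] || { echo "FAIL: status '$status', expected 301"; return 1; }
    case $location in
        "https://$host"/*) echo "OK: 301 -> $location" ;;
        *) echo "FAIL: Location '$location' is not under https://$host/"; return 1 ;;
    esac
}

# check_https_served: the HTTPS side must answer, and must not redirect again.
check_https_served() {
    status=$(status_of)
    case $status in
        3??) echo "FAIL: HTTPS side still redirects ($status)"; return 1 ;;
        [0-9][0-9][0-9]) echo "OK: HTTPS side answered $status" ;;
        *) echo "FAIL: no HTTP status line"; return 1 ;;
    esac
}

# Constructed sample responses, not captured from a real server.
GOOD_HTTP=$(printf 'HTTP/1.1 301 Moved Permanently\r\nlocation: https://www.sureshkumar.edu/\r\n\r\n')
TEMP_HTTP=$(printf 'HTTP/1.1 302 Found\r\nLocation: https://www.sureshkumar.edu/\r\n\r\n')
PLAIN_HTTP=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: http://www.sureshkumar.edu/\r\n\r\n')
GOOD_HTTPS=$(printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n')
LOOP_HTTPS=$(printf 'HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.sureshkumar.edu/\r\n\r\n')

printf '%s\n' "$GOOD_HTTP" | check_http_redirect www.sureshkumar.edu
printf '%s\n' "$LOOP_HTTPS" | check_https_served || true
```

A 302, a Location that stays on http://, or a 3xx from the HTTPS side all fail the check, so the same functions can be reused in a post-deploy script.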
