RHEL6 – Configuring Apache with TLS/SSL Encryption

Henery-Hawk-iconDon’t let the acronyms and the word “Encryption” scare you, its actually very easy to enable TLS/SSL in Apache. So basically it sounds more complicated than it is — like these last two sentences for example.

First you should probably know what TLS and SSL are. Well according to Wikipedia …”Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols that provide communication security over the internet”

I am going to assume here that you have already installed and started Apache, I will also assume that you have SELinux configured properly, as well as IPTables.

So next step is to install mod_ssl

# yum -y install mod_ssl

Once install a new config file, called ssl.conf will be installed in /var/www/html/conf.d. Inside that file are a couple of configuration items that you need to be aware of.

# Point SSLCertificateFile at a PEM encoded certificate.  If
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

If you are replacing the test cert with a signed one you will need to drop it in /etc/pki/tls/certs and modify the lines in the section above to point to your new cert and your new key file.

Now restart apache.