How to configure SSL/TLS in Apache httpd?
Environment
- Red Hat Enterprise Linux (RHEL)
  - 5.x
  - 6.x
  - 7.x
  - 8.x
  - 9.x
- Red Hat JBoss Web Server (JWS)
  - 2.x
  - 3.x
  - 5.x
- Red Hat JBoss Core Services Apache httpd (JBCS)
  - httpd-2.4.x
Issue
- How do I configure Apache httpd to use a certificate file for SSL?
- Please let me know about the SSL configuration of JBoss Enterprise Web Server (EWS).
- How to enable https in Apache httpd server?
- Configure SSL in apache web server in redhat linux 6.3
- Please suggest how to do the SSL configuration in web server so that I can access the application using https.
- Please share resources for securing html with successfully installed SSL certificate.
- How to implement https in webserver httpd in Redhat 5.5
- How to configure SSL/TLS in Apache httpd?
Resolution
- Make sure that mod_ssl is installed (not necessary if using a JWS/JBCS zip distribution):
  $ rpm -qa | grep mod_ssl
- If mod_ssl is not installed, install it using yum:
  $ yum install mod_ssl
- Edit HTTPD_HOME/conf.d/ssl.conf and update the ServerName, SSLCertificateFile, and SSLCertificateKeyFile as appropriate for your environment.
  <VirtualHost _default_:443>
  #ServerName www.example.com:443
  SSLCertificateFile /etc/pki/tls/certs/localhost.crt
  SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
- The ServerName must match the Common Name (CN) of the SSL certificate, or client browsers will get a "domain mismatch" message.
- The SSLCertificateKeyFile is the private key associated with the certificate (the public key).
- Verify that the Listen directive in ssl.conf is correct for your setup. For example, if an IP address is specified, it needs to match the IP address the httpd service is bound to.
- Restart Apache:
  # RHEL 5 & 6
  $ service httpd restart
  # RHEL 7, RHEL 8, RHEL 9
  $ systemctl restart httpd.service
  Or reload the Apache configuration:
  # RHEL 5 & 6
  $ service httpd graceful
  # RHEL 7, RHEL 8, RHEL 9
  $ systemctl reload httpd.service
- For a reference and setup guide for mod_ssl with Apache 2.2 (RHEL 5 and 6), see the Apache SSL documentation for httpd 2.2
- For a reference and setup guide for mod_ssl with Apache 2.4 (RHEL 7), see the Apache SSL documentation for httpd 2.4
- For a reference on creating a certificate and certificate signing request, see Creating a 'Certificate Signing Request'
- For a reference on creating self-signed certs, see How to create a self-signed certificate on Red Hat Enterprise Linux with OpenSSL?
- For a reference on how to use NSS modules, see How to configure Apache web server with SSL on RHEL5 to use Root Certificate Authorities like Verisign using mod_nss
- This is also covered in the RHEL 6 documentation
Diagnostic Steps
- To view the certificate Common Name (CN):
  # openssl x509 -noout -text -in localhost.crt | grep CN
- Test the connection to the server: see How to test SSL connectivity from the command line?
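The two notes in the Resolution (the key must belong to the certificate, and the ServerName must match the certificate) can be checked from ssl.conf before restarting httpd. The script below is an added example, not part of the original Red Hat solution; the function names are hypothetical, and it assumes an unencrypted private key, paths without spaces, and OpenSSL 1.0.2 or later.

```shell
#!/bin/sh
# Added example (not from the original article): pre-restart checks for ssl.conf.
# Assumes an unencrypted private key and OpenSSL 1.0.2+ (pkey, x509 -checkhost).

# Print the value of the first uncommented occurrence of a directive.
conf_value() {
    awk -v d="$2" '$1 == d { print $2; exit }' "$1"
}

# Succeed if the certificate's public key equals the one derived from the key file.
cert_key_match() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if the certificate is valid for the host name.
# -checkhost tests subjectAltName entries and falls back to the CN if there are none.
cert_covers_host() {
    openssl x509 -in "$1" -noout -checkhost "$2" 2>/dev/null |
        grep -q 'does match certificate'
}

# Run both checks against the files and ServerName named in an ssl.conf.
check_ssl_conf() {
    conf=$1
    cert=$(conf_value "$conf" SSLCertificateFile)
    key=$(conf_value "$conf" SSLCertificateKeyFile)
    name=$(conf_value "$conf" ServerName)
    name=${name%%:*}    # drop the ":443" port suffix
    [ -n "$cert" ] && [ -n "$key" ] && [ -n "$name" ] || {
        echo "missing ServerName, SSLCertificateFile or SSLCertificateKeyFile" >&2
        return 3
    }
    cert_key_match "$cert" "$key" ||
        { echo "private key does not match certificate" >&2; return 1; }
    cert_covers_host "$cert" "$name" ||
        { echo "certificate does not cover $name" >&2; return 1; }
    echo "ok: $key matches $cert, which covers $name"
}

# Usage: sh this-script.sh HTTPD_HOME/conf.d/ssl.conf
if [ -n "${1:-}" ]; then check_ssl_conf "$1"; fi
```

A ServerName that is still commented out, as in the default ssl.conf excerpt above, is reported as missing.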