OpenSSL – Why & How to Use

OpenSSL SSL,the secure socket layer is used to encrypt data stream between the web server and client i.e browser. We all surf a lot of website in daily routine. You may have noticed that a large number of website’s have URL starting with something like ‘https://www.domain.com’ while others do not contain ‘HTTPS’ in their URL. HTTPS is a secure protocol which is used in e-commerce websites, online banking sites where credit card and bank transactions are performed and public chat domains etc. where security is the top most concern because everything which flow on HTTP protocol can’t be assumed secured communication,thus HTTPS protocol is used. HTTPS uses SSL to make the communication secure.

SSL uses asymmetric cryptography which is also knows as public key cryptography. This type of cryptography create two keys: one is private and other is public . Anything encrypted with private key can be decrypted with its corresponding public key only, this ensures that the data has come from the valid server only and not from any fake or malware attacking website.

As you may already know that this article is about installing certificate on Apache server but most of you guys may be thinking why certificate is necessary when the communication is already secure ? Yes, Certificate is not necessary, but adding the certificate on your domain makes the domain reliable among people browsing that domain. SSL certificate perform a crucial role in all communication process. A Certificate signed by a trusted third parth CA ensures that the domain containing their Certificate in genuine domain and is who he claims to be.

So i think i have told you enough and now you know why are you implimening SSL Certificate on your domain. So i am going to show you the SSL Certificate implementation process:

Install required packages

[root@webserver ~]# Yum install mod_ssl openssl

Create a directory where you want to create ssl files,change to the that directory and run:

[root@webserver ~]# cd /etc/httpd/conf.d/keys

[root@webserver keys]# openssl req -nodes -newkey rsa:2048 -keyout www.linuxonlinesolutions.com.key -out www.linuxonlinesolutions.com.csr

Now as per process, we will submit our csr file to CA and in response they will provide us ssl certificate file and ssl certificate chain file.Once we will get the required files from CA, we will configure our VirtualHost as shown below.

 <VirtualHost *:443>
ServerAdmin serveradmin@@linuxonlinesolutions.com
ServerName www.linuxonlinesolutions.com
DocumentRoot /var/www/html/linuxonlinesolutions
SSLEngine on
SSLCertificateFile /etc/httpd/conf.d/keys/www.linuxonlinesolutions.com.crt
SSLCertificateKeyFile /etc/httpd/conf.d/keys/www.linuxonlinesolutions.com.key
SSLCertificateChainFile /etc/apache2/keys/gd_bundle.crt
</VirtualHost>

Now just restart your Apache service and congrats you are ready with secure website.

[root@webserver ~]# service httpd restart
You can leave a response, or trackback from your own site.

Leave a Reply