(v1) Install Apache
Install the service
yum -y install httpd
Enable the Service
systemctl enable httpd
Create SSL Certificates
###################### # CENTOS # Generate Test Certificate # Generate Key openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_test.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/private/pcr360_test.key # Generate Certificate Signing Request openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_test.key -out pcr360_test.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/certs/pcr360_test.crt # Generate Production Certificate # Generate Key openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_prod.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/private/pcr360_prod.key # Generate Certificate Signing Request openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_prod.key -out pcr360_prod.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/certs/pcr360_prod.crt ###################### # UBUNTU # Generate Test Certificate # Generate Key openssl genrsa -des3 -out /etc/ssl/private/pcr360_test.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/ssl/private/pcr360_test.key -out /etc/ssl/private/pcr360_test.key # Generate Certificate Signing Request openssl req -new -sha256 -key /etc/ssl/private/pcr360_test.key -out pcr360_test.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey /etc/ssl/private/pcr360_test.key -out /etc/ssl/certs/pcr360_test.crt # Generate Production Certificate # Generate Key openssl genrsa -des3 -out /etc/ssl/private/pcr360_prod.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/ssl/private/pcr360_prod.key -out /etc/ssl/private/pcr360_prod.key # Generate Certificate Signing Request (CSR) openssl req -new -sha256 -key /etc/ssl/private/pcr360_prod.key -out pcr360_prod.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey /etc/ssl/private/pcr360_prod.key -out /etc/ssl/certs/pcr360_prod.crt
Install SSL Mod
yum -y install mod_ssl mod_headers mod_http2
Restart Apache
systemctl restart httpd
Help Desk Portal - Email: help@pcr.com - Phone: 616.259.9242