Document toolboxDocument toolbox

Install Apache

  1. Install the service

    yum -y install httpd 
  2. Enable the Service

    systemctl enable httpd
  3. Create SSL Certificates

    ######################
    # CENTOS
    # Generate Test Certificate
    # Generate Key
    openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_test.key 4096  
    # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
    openssl rsa -in /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/private/pcr360_test.key
    # Generate Certificate Signing Request
    openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_test.key -out pcr360_test.csr
    # Generate Certificate 
    # This is only needed if setting up a self-signed certificate
    # In most cases, the CSR needs to go to the customer to get the signed certificate
    openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey  /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/certs/pcr360_test.crt
    
    # Generate Production Certificate
    # Generate Key
    openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_prod.key 4096  
    # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
    openssl rsa -in /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/private/pcr360_prod.key
    # Generate Certificate Signing Request
    openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_prod.key -out pcr360_prod.csr
    # Generate Certificate 
    # This is only needed if setting up a self-signed certificate
    # In most cases, the CSR needs to go to the customer to get the signed certificate
    openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey  /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/certs/pcr360_prod.crt
    
    ######################
    # UBUNTU
    # Generate Test Certificate
    # Generate Key
    openssl genrsa -des3 -out /etc/ssl/private/pcr360_test.key 4096  
    # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
    openssl rsa -in /etc/ssl/private/pcr360_test.key -out /etc/ssl/private/pcr360_test.key 
    # Generate Certificate Signing Request
    openssl req -new -sha256 -key /etc/ssl/private/pcr360_test.key -out pcr360_test.csr
    # Generate Certificate 
    # This is only needed if setting up a self-signed certificate
    # In most cases, the CSR needs to go to the customer to get the signed certificate
    openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey  /etc/ssl/private/pcr360_test.key -out /etc/ssl/certs/pcr360_test.crt
    
    # Generate Production Certificate
    # Generate Key
    openssl genrsa -des3 -out /etc/ssl/private/pcr360_prod.key 4096 
    # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
    openssl rsa -in /etc/ssl/private/pcr360_prod.key -out /etc/ssl/private/pcr360_prod.key
    # Generate Certificate Signing Request (CSR)
    openssl req -new -sha256 -key /etc/ssl/private/pcr360_prod.key -out pcr360_prod.csr
    # Generate Certificate 
    # This is only needed if setting up a self-signed certificate
    # In most cases, the CSR needs to go to the customer to get the signed certificate
    openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey  /etc/ssl/private/pcr360_prod.key -out /etc/ssl/certs/pcr360_prod.crt
  4. Install SSL Mod

     yum -y install mod_ssl mod_headers mod_http2
  5. Restart Apache

    systemctl restart httpd

Help Desk Portal - Email: help@pcr.com - Phone: 616.259.9242