Document toolboxDocument toolbox

(2024.2) Install Apache

Owned by David Engblom
Apr 16, 2024
2 min read

  1. Install the service

    yum -y install httpd



  2. Enable the Service

    systemctl enable httpd



  3. Create SSL Certificates

    ###################### # CENTOS # Generate Test Certificate # Generate Key openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_test.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/private/pcr360_test.key # Generate Certificate Signing Request openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_test.key -out pcr360_test.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/certs/pcr360_test.crt # Generate Production Certificate # Generate Key openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_prod.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/private/pcr360_prod.key # Generate Certificate Signing Request openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_prod.key -out pcr360_prod.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/certs/pcr360_prod.crt ###################### # UBUNTU # Generate Test Certificate # Generate Key openssl genrsa -des3 -out /etc/ssl/private/pcr360_test.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/ssl/private/pcr360_test.key -out /etc/ssl/private/pcr360_test.key # Generate Certificate Signing Request openssl req -new -sha256 -key /etc/ssl/private/pcr360_test.key -out pcr360_test.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey /etc/ssl/private/pcr360_test.key -out /etc/ssl/certs/pcr360_test.crt # Generate Production Certificate # Generate Key openssl genrsa -des3 -out /etc/ssl/private/pcr360_prod.key 4096 # Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted openssl rsa -in /etc/ssl/private/pcr360_prod.key -out /etc/ssl/private/pcr360_prod.key # Generate Certificate Signing Request (CSR) openssl req -new -sha256 -key /etc/ssl/private/pcr360_prod.key -out pcr360_prod.csr # Generate Certificate # This is only needed if setting up a self-signed certificate # In most cases, the CSR needs to go to the customer to get the signed certificate openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey /etc/ssl/private/pcr360_prod.key -out /etc/ssl/certs/pcr360_prod.crt



  4. Install SSL Mod



  5. Restart Apache