Document toolboxDocument toolbox

(2022.1) Install Apache

Owned by Marty Goodrich
Sept 27, 2023
2 min read

  1. Install the service

    yum -y install httpd

  2. Enable the Service

    systemctl enable httpd

  3. Create SSL Certificates

    ######################
# CENTOS
# Generate Test Certificate
# Generate Key
openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_test.key 4096  
# Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
openssl rsa -in /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/private/pcr360_test.key
# Generate Certificate Signing Request
openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_test.key -out pcr360_test.csr
# Generate Certificate 
# This is only needed if setting up a self-signed certificate
# In most cases, the CSR needs to go to the customer to get the signed certificate
openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey  /etc/pki/tls/private/pcr360_test.key -out /etc/pki/tls/certs/pcr360_test.crt

# Generate Production Certificate
# Generate Key
openssl genrsa -des3 -out /etc/pki/tls/private/pcr360_prod.key 4096  
# Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
openssl rsa -in /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/private/pcr360_prod.key
# Generate Certificate Signing Request
openssl req -new -sha256 -key /etc/pki/tls/private/pcr360_prod.key -out pcr360_prod.csr
# Generate Certificate 
# This is only needed if setting up a self-signed certificate
# In most cases, the CSR needs to go to the customer to get the signed certificate
openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey  /etc/pki/tls/private/pcr360_prod.key -out /etc/pki/tls/certs/pcr360_prod.crt

######################
# UBUNTU
# Generate Test Certificate
# Generate Key
openssl genrsa -des3 -out /etc/ssl/private/pcr360_test.key 4096  
# Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
openssl rsa -in /etc/ssl/private/pcr360_test.key -out /etc/ssl/private/pcr360_test.key 
# Generate Certificate Signing Request
openssl req -new -sha256 -key /etc/ssl/private/pcr360_test.key -out pcr360_test.csr
# Generate Certificate 
# This is only needed if setting up a self-signed certificate
# In most cases, the CSR needs to go to the customer to get the signed certificate
openssl x509 -sha256 -req -days 365 -in pcr360_test.csr -signkey  /etc/ssl/private/pcr360_test.key -out /etc/ssl/certs/pcr360_test.crt

# Generate Production Certificate
# Generate Key
openssl genrsa -des3 -out /etc/ssl/private/pcr360_prod.key 4096 
# Remove the passcode from the key. This prevents needing to enter the passcode every time Apache is restarted
openssl rsa -in /etc/ssl/private/pcr360_prod.key -out /etc/ssl/private/pcr360_prod.key
# Generate Certificate Signing Request (CSR)
openssl req -new -sha256 -key /etc/ssl/private/pcr360_prod.key -out pcr360_prod.csr
# Generate Certificate 
# This is only needed if setting up a self-signed certificate
# In most cases, the CSR needs to go to the customer to get the signed certificate
openssl x509 -sha256 -req -days 365 -in pcr360_prod.csr -signkey  /etc/ssl/private/pcr360_prod.key -out /etc/ssl/certs/pcr360_prod.crt

  4. Install SSL Mod

     yum -y install mod_ssl mod_headers mod_http2

  5. Restart Apache

    systemctl restart httpd