Education Center

Sequence 1: The guide to Installing and configuring Apache Httpd for TLS encryption on RHEL, Debian, OpenSUSE

Author avatar

Fabiola Vega Padilla

International Marketing Specialist


Cover image

In the vast world of web server administration, security stands as a paramount concern. As data transmission between clients and servers becomes increasingly vital, ensuring its protection becomes non-negotiable. In this landscape, setting up a web server on a Linux distribution entails a fundamental task: ensuring the security of transmitted data. At the vanguard of this attempt, it is located the implementation of Transport Layer Security (TLS) encryption. For anyone involved in web development or hosting, mastering TLS encryption is not just a best practice but a foundational skill in safeguarding sensitive information exchanged over the web. 

In this first article of our sequence: Installing web servers on different Linux distributions we dig into the process of installing and configuring one of the most popular web servers for Linux “Apache Httpd“ to enable TLS encryption on popular operating systems such as Red Hat Enterprise Linux (RHEL), Debian, and OpenSUSE. This detailed guide provides clear and practical steps for implementing an additional layer of security on your Apache Htttpd web servers, consequently ensuring the confidentiality and integrity of communication.

Install and Configure Apache Httpd for TLS encryption - Full process Install and Configure Apache Httpd for TLS encryption - Full process

But before diving into the configuration process, it is essential to ensure that the following prerequisites are met:  

Prerequisites: 

Updating already present packages. Special privileges will be required for certain operations throughout the procedure: 

RHEL 

dnf update -y 

Note: Use yum if dnf is not present on the machine 

Ubuntu 

apt update –y 

Note: Use apt-get if apt is not present on the machine  

OpenSUSE 

zypper refresh 

Stalling Apache process:  

Write the different commands for each system:  

RHEL 

dnf install -y net-tools httpd  

Ubuntu 

sudo apt install apache2 

OpenSUSE 

zypper install -y apache2  

Note: The service should not have started yet. It can be started with the systemctl start httpd command, after what it will start listening on part 80 by default. This is not secure; it is highly recommended to use https (port 443) and not http (port 80). 

Configuring Apache for TLS encryption: 

The mod_ssl package is required.  Then, insert the following commands for each system: 

RHE 

dnf install -y mod_ssl 

Ubuntu 

apt a2enmod ssl 

After that, store the private key, the TLS and the CA certificate in the directory of your choice. 

Once this is done, edit the /etc/httpd/conf.d/ssl.conf file (/etc/apache2/sites-available/default-ssl.conf for Ubuntu and OpenSUSE) and under the <VirtualHost _default_:443> directive and follow next instructions:  

Set the server's name:  

ServerName url.com  

If different aliases are meant to be used for the server, they should be added in the Subject Alternative Name field of the certificate. To add those alternative names to the configuration, add the following line:  

ServerAlias www.url.com *.url.com 

Set the paths to the private key, the TLS certificate and the CA certificate. The TLS certificate’s Common Name should match the name that will be used for the server (here, url.com). Those certificates can be generated using Stream’s PKI or Horizon’s registration authority.

SSLCertificateKeyFile "/path/url.com.key" SSLCertificateFile "/path/url.com.crt" SSLCACertificateFile "/path/ca.crt"

Note: By default, TLS 1.2 and TLS 1.3 are enabled. For stronger security, it is possible to enable only TLS 1.3 by adding the following line: 

SSLProtocol -All +TLSv1.3 

Make the private key secure and less accessible by making it only accessible to the root user. To do so, make the root user the owner of the key file and make the file readable and writable only by the root user. 

chown root:root /path/url.com.key  

chmod 600 /path/url.com.key 

Start or restart the service: 

[RHEL] systemctl restart httpd  

[Ubuntu/OpenSUSE] systemctl restart apache2 

Conclusion: 

Installing a web server on a Linux distribution is a crucial step in setting up a web hosting environment whether you choose depends on your specific requirements and preferences, they offer robust features and performance optimizations for serving web content efficiently. By following the appropriate installation instructions for your chosen Linux distribution, you can quickly set up a reliable web server and start hosting your websites or applications for the world to access. 

Logo EVERTRUST

EVERTRUST is a European company that provides a complete solution to manage your certificates. We are a team of experts in security and cryptography.

EVERTRUST

Products

Use cases

 


EVERTRUST© 2024 - All rights reserved. Privacy policy Terms & Mentions