Home > CentOS > CentOS 6.x > Apache web server configuration > Installing SSL certificate in Apache

For installation of certificate in apache use following steps:

1. Copy all (certificate, key, CA bundle) to /etc/httpd/conf folder
2. chmod 400 ssl.key
3. Edit /etc/httpd/conf.d/ssl.conf and replace appropriate values. Following three values need to be updated:

   SSLCertificateFile /etc/httpd/conf/ssl.pem
   SSLCertificateKeyFile /etc/httpd/conf/ssl.key
   SSLCACertificateFile /etc/httpd/conf/ca-bundle.pem

4. Restart apache and verify that certificate is working as expected.

Securing Apache SSL configuration

Default SSL configuration of apache is vulnerable to many attacks. We can improve apache SSL configuration as follows:

1. Edit /etc/httpd/conf/ssl.conf and replace/insert following two values

   SSLEngine on
   SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
   SSLHonorCipherOrder on
   SSLCipherSuite "EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA!RC4:EECDH:!RC4:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS"
   Header always set Strict-Transport-Security "max-age=31536000"

   In case of Virtualhost 'SSLEngine On' line is also required.

2. Check ranking of HTTPS security using https://www.ssllabs.com/ssltest/index.html

Refer:

• https://www.mysterydata.com/how-to-get-a-score-rating-in-ssllabs-qualys/

Home > CentOS > CentOS 6.x > Apache web server configuration > Installing SSL certificate in Apache