How to install SSL certs on the jump server (secure connection)?

How to create an SSL certificate on the ezeelogin jump server (Apache) for CentOS 6 / CentOS 7 / CentOS 8?

 

Install Mod SSL

root@gateway:~# yum install mod_ssl openssl

Create a New Directory

We need to create a new directory where we will store the server key and certificate.

root@gateway:~# mkdir /etc/httpd/ssl

 

Create a Self Signed Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

 

root@gateway:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

 
This command creates both the self-signed SSL certificate and the server key that protects it, and places both of them in the new directory.

The command prompts for a list of fields that need to be filled in.
 
 

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value, If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State] :New York

Locality Name (eg, city) [] :NYC

Organization Name (eg, company) [Internet Widgits Pty Ltd] :Awesome Inc

Organizational Unit Name (eg, section) [] :Dept of Merriment

Common Name (e.g. server FQDN or YOUR name) []:example.com

Email Address []:webmaster@awesomeinc.com

-----

 
Set up the virtual hosts to display the new certificate.
 

Open up the SSL config file:

root@jumpserver:~# vi /etc/httpd/conf.d/ssl.conf

 

Find the section that begins with <VirtualHost _default_:443>, uncomment the DocumentRoot and ServerName lines, and replace example.com with your domain name or server IP address.

# Uncomment and replace example.com with your domain

  ServerName example.com:443

  DocumentRoot "/var/www/html"

  ServerName www.example.com:443

 

Find the following three lines, and make sure that they match the settings below:

SSLEngine on

SSLCertificateFile /etc/httpd/ssl/apache.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache.key

 

Your virtual host is now all set up! Save and exit.

Restart Apache

root@jumpserver:~# systemctl restart httpd

How to create an SSL certificate on the jump server (Apache) for Ubuntu 16 / Ubuntu 18 / Ubuntu 20 / Debian 9 / Debian 10?

 

Install Apache2

root@gateway:~# apt-get install apache2

 

Create a New Directory

 

We need to create a new directory where we will store the server key and certificate.

root@gateway:~# mkdir -p /etc/certs/ssl

Create a Self Signed Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

root@gateway:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt 

 
This command creates both the self-signed SSL certificate and the server key that protects it, and writes them to the paths given with -keyout and -out.

The command prompts for a list of fields that need to be filled in.

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value, If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State] :New York

Locality Name (eg, city) [] :NYC

Organization Name (eg, company) [Internet Widgits Pty Ltd] :Awesome Inc

Organizational Unit Name (eg, section) [] :Dept of Merriment

Common Name (e.g. server FQDN or YOUR name) []:example.com

Email Address []:webmaster@awesomeinc.com

-----

 

Modify the Default Apache SSL Virtual Host File

Next, let's modify /etc/apache2/sites-available/default-ssl.conf, the default Apache SSL Virtual Host file.

Before we go any further, let's back up the original SSL Virtual Host file:

root@jumphost:~# cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

 

Now, open the SSL Virtual Host file to make adjustments:

root@jumphost:~# nano /etc/apache2/sites-available/default-ssl.conf

 
Find the section that begins with <VirtualHost _default_:443>, uncomment the DocumentRoot and ServerName lines, and replace example.com with your domain name or server IP address. Also uncomment SSLEngine on, SSLCertificateFile and SSLCertificateKeyFile, and set the correct paths of the certificate file and key file.

<IfModule mod_ssl.c>

        <VirtualHost _default_:443>

                ServerAdmin your_email@example.com

                ServerName server_domain_or_IP

 

                DocumentRoot /var/www/html

 

                ErrorLog ${APACHE_LOG_DIR}/error.log

                CustomLog ${APACHE_LOG_DIR}/access.log combined

 

                SSLEngine on

                SSLCertificateFile       /etc/ssl/certs/apache-selfsigned.crt

                SSLCertificateKeyFile   /etc/ssl/private/apache-selfsigned.key

 

                <FilesMatch "\.(cgi|shtml|phtml|php)$">

                                SSLOptions +StdEnvVars

                </FilesMatch>

                <Directory /usr/lib/cgi-bin>

                                SSLOptions +StdEnvVars

                </Directory>

                BrowserMatch "MSIE [2-6]" \

                               nokeepalive ssl-unclean-shutdown \

                               downgrade-1.0 force-response-1.0

 

        </VirtualHost>

</IfModule>

Save and exit the file.

Enable the Changes in Apache

root@jumphost:~# a2enmod ssl

root@jumphost:~# a2ensite default-ssl

Also enforce SSL in the ezeelogin GUI.
 
Restart Apache
 

root@jumpserver:~# systemctl restart apache2
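
A check worth running before the Apache restart in either procedure, as an added example that is not part of the original article or of ezeelogin: it confirms that the key matches the certificate, that the certificate is not about to expire, and that the unencrypted key written by -nodes is readable by its owner only. The helper names check_tls_pair and make_sample_pair are hypothetical, the sample pair is constructed in a temporary directory, and stat -c assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: pre-restart checks for the certificate/key pair created above.
# check_tls_pair is a hypothetical helper name, not part of ezeelogin or Apache.

# Usage: check_tls_pair CERT KEY [MIN_DAYS]
# Returns 0 when all checks pass, 1 otherwise; prints one line per failed check.
check_tls_pair() {
    cert=$1 key=$2 min_days=${3:-30} rc=0

    # 1. The certificate must carry the public key of this private key,
    #    otherwise Apache refuses to start after the restart.
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || cert_pub=
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || key_pub=
    if [ -z "$cert_pub" ] || [ "$cert_pub" != "$key_pub" ]; then
        echo "FAIL: $key does not match $cert"; rc=1
    fi

    # 2. -days 365 means the certificate expires after one year.
    if ! openssl x509 -in "$cert" -noout -checkend $((min_days * 86400)) >/dev/null 2>&1; then
        echo "FAIL: $cert expires within $min_days days (or is unreadable)"; rc=1
    fi

    # 3. -nodes writes the key unencrypted, so file permissions are its only
    #    protection: no access for group or other (GNU stat assumed).
    mode=$(stat -c %a "$key" 2>/dev/null) || mode=
    case $mode in
        [0-7]00) ;;
        *) echo "FAIL: $key has mode ${mode:-unknown}, expected 600 or 400"; rc=1 ;;
    esac

    return $rc
}

# Constructed sample: a throwaway pair generated the same way as in the article,
# with -subj supplying the DN instead of the interactive prompts.
make_sample_pair() {
    openssl req -x509 -nodes -days "$2" -newkey rsa:2048 \
        -subj "/C=US/O=Awesome Inc/CN=example.com" \
        -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null
}

demo=$(mktemp -d)
make_sample_pair "$demo" 365
chmod 600 "$demo/apache.key"
check_tls_pair "$demo/apache.crt" "$demo/apache.key" && echo "OK: safe to restart Apache"
rm -rf "$demo"
```

On the jump server, call check_tls_pair with /etc/httpd/ssl/apache.crt and /etc/httpd/ssl/apache.key on CentOS, or /etc/ssl/certs/apache-selfsigned.crt and /etc/ssl/private/apache-selfsigned.key on Ubuntu/Debian.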
