How to install SSL certs on a jump server (secure connection)?

How to create an SSL certificate for Apache on an Ezeelogin jump server running CentOS 6 / CentOS 7?

 

Install Mod SSL

root@gateway:~# yum install mod_ssl openssl

Create a New Directory

We need to create a new directory where we will store the server key and certificate.

root@gateway:~# mkdir /etc/httpd/ssl

 

Create a Self Signed Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

 

root@gateway:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

 
With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory.
 
This command will prompt for a list of fields that need to be filled in.
 
 

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some fields there will be a default value, If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State] :New York

Locality Name (eg, city) [] :NYC

Organization Name (eg, company) [Internet Widgits Pty Ltd] :Awesome Inc

Organizational Unit Name (eg, section) [] :Dept of Merriment

Common Name (e.g. server FQDN or YOUR name) []:example.com

Email Address []:webmaster@awesomeinc.com

-----

 
Set up the virtual hosts to display the new certificate.
 

Open up the SSL config file:

root@jumpserver:~# vi /etc/httpd/conf.d/ssl.conf

 

Find the section that begins with <VirtualHost _default_:443>, uncomment the DocumentRoot and ServerName lines, and replace example.com with your domain name or server IP address.

# Uncomment and replace example.com with your domain

  ServerName example.com:443

  DocumentRoot "/var/www/html"

  ServerName www.example.com:443

 

Find the following three lines, and make sure that they match the lines below:

SSLEngine on

SSLCertificateFile /etc/httpd/ssl/apache.crt

SSLCertificateKeyFile /etc/httpd/ssl/apache.key

 

Your virtual host is now all set up! Save and exit.

Restart Apache

/etc/init.d/httpd restart

 

How to create an SSL certificate for Apache on a jump server running Ubuntu 16 / Ubuntu 18?

 

Install Apache2

root@gateway:~# apt-get install apache2

 

Create a New Directory

 

We need to create a new directory where we will store the server key and certificate.

root@gateway:~# mkdir -p /etc/certs/ssl

Create a Self Signed Certificate

When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year.

root@gateway:~# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt 

 
With this command, we create both the self-signed SSL certificate and the server key that protects it, placing the key in /etc/ssl/private and the certificate in /etc/ssl/certs.

This command will prompt for a list of fields that need to be filled in.

You are about to be asked to enter information that will be incorporated into your certificate request.

What you are about to enter is what is called a Distinguished Name or a DN.

There are quite a few fields but you can leave some blank

For some  fields  there will be a default  value,  If you enter '.', the field will be left blank.

-----

Country Name (2 letter code) [AU]:US

State or Province Name (full name) [Some-State]  :New  York

Locality Name (eg, city) []  :NYC

Organization Name (eg, company) [Internet Widgits Pty Ltd]  :Awesome  Inc

Organizational Unit Name (eg, section) []  :Dept  of Merriment

Common Name (e.g. server FQDN or YOUR name) []:example.com

Email Address []:webmaster@awesomeinc.com

-----

 

Modify the Default Apache SSL Virtual Host File

Next, let's modify /etc/apache2/sites-available/default-ssl.conf, the default Apache SSL Virtual Host file.

Before we go any further, let's back up the original SSL Virtual Host file:

root@jumphost:~# cp /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-available/default-ssl.conf.bak

 

Now, open the SSL Virtual Host file to make adjustments:

root@jumphost:~#  nano /etc/apache2/sites-available/default-ssl.conf

 
Find the section that begins with <VirtualHost _default_:443>, uncomment the DocumentRoot and ServerName lines, and replace example.com with your domain name or server IP address. Also uncomment SSLEngine on, SSLCertificateFile and SSLCertificateKeyFile, and set the correct paths of the cert file and key file.

<IfModule mod_ssl.c>

        <VirtualHost _default_:443>

                ServerAdmin your_email@example.com

                ServerName server_domain_or_IP

 

                DocumentRoot /var/www/html

 

                ErrorLog ${APACHE_LOG_DIR}/error.log

                CustomLog ${APACHE_LOG_DIR}/access.log combined

 

                SSLEngine on

                SSLCertificateFile       /etc/ssl/certs/apache-selfsigned.crt

                SSLCertificateKeyFile   /etc/ssl/private/apache-selfsigned.key

 

                <FilesMatch "\.(cgi|shtml|phtml|php)$">

                                SSLOptions +StdEnvVars

                </FilesMatch>

                <Directory /usr/lib/cgi-bin>

                                SSLOptions +StdEnvVars

                </Directory>

                BrowserMatch "MSIE [2-6]" \

                               nokeepalive ssl-unclean-shutdown \

                               downgrade-1.0 force-response-1.0

 

        </VirtualHost>

</IfModule>

 Save & Exit the file.
 
 Enable the Changes in Apache

root@jumphost:~#  a2enmod ssl

root@jumphost:~#  a2ensite default-ssl

 
 
Also enforce SSL in the Ezeelogin GUI.
 
Restart Apache
 

root@jumpserver:~# systemctl restart apache2
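
Both procedures above end with Apache pointed at a key created with -nodes (stored unencrypted) and a certificate that expires after 365 days. The script below is an added example, not part of the original article or of Ezeelogin: it checks that the key matches the certificate, that the key file is readable only by its owner, and that the certificate is not about to expire. The function names and the 30-day threshold are assumptions, and stat -c assumes GNU coreutils.

```bash
#!/usr/bin/env bash
# Added example: checks for the key/certificate pair created by the article's command.

# The article's openssl call plus -subj, so it runs without prompts.
# Writes a throwaway, constructed pair (CN=example.com) into directory $1.
make_demo_pair() {
    openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
        -subj "/C=US/O=Awesome Inc/CN=example.com" \
        -keyout "$1/apache.key" -out "$1/apache.crt" 2>/dev/null
}

# Succeeds when the certificate carries the public half of the private key.
key_matches_cert() {    # $1 = certificate, $2 = private key
    local c k
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# -nodes leaves the key unencrypted on disk, so only its owner should read it.
key_perms_ok() {        # $1 = private key
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        600|400) return 0 ;;
        *)       return 1 ;;
    esac
}

# Succeeds when the certificate is still valid $2 days from now.
valid_for_days() {      # $1 = certificate, $2 = days
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

check_pair() {          # $1 = certificate, $2 = private key
    local rc=0
    key_matches_cert "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_perms_ok "$2"          || { echo "FAIL: key mode is not 600 or 400"; rc=1; }
    valid_for_days "$1" 30     || { echo "WARN: certificate expires within 30 days"; rc=1; }
    return "$rc"
}

# With two arguments, check that pair; with none, check a throwaway demo pair.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2" && echo "OK: $1"
elif [ "$#" -eq 0 ]; then
    tmp=$(mktemp -d) && make_demo_pair "$tmp" && chmod 600 "$tmp/apache.key" \
        && check_pair "$tmp/apache.crt" "$tmp/apache.key" && echo "OK: demo pair"
    rm -rf "$tmp"
fi
```

Run it with the certificate and key paths from the virtual host file as the two arguments. If the key mode check fails, chmod 600 on the key file fixes it, and apachectl configtest confirms the edited configuration parses before Apache is restarted.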
