Enabling SSL on apache instance on EC2

南旧 2020-12-29 03:32

I have an EC2 instance that is using Amazon's custom linux install with built in apache. This install also has openssl installed. That being said, there does not appear t

6 Answers
  • 2020-12-29 03:44

    You should install the SSL module, since mod_ssl does not ship with most instances by default, but that depends on the Apache version you are using on your AWS instance. To check which one you are using, you can run this command in your command line:

    httpd -v
    

    For Apache 2.2

    yum install mod_ssl
    

    For Apache 2.4

    yum install mod24_ssl
    
  • 2020-12-29 03:48

    I managed to enable SSL on my EC2 instance and to install a free SSL certificate from startssl.com. I made a few mistakes; this is the basic approach:

    1. Sign up at startssl.com by clicking the Control Panel link
      • Complete the signup process. You will need to verify your email address.
    2. Validate your domain under Validation Wizard -> Domain Name Validation
    3. Get a Certificate by Certificate Wizard
      • Choose: Web Server SSL/TLS Certificate
      • Enter a password that will be used to encrypt the private key. You will need this later.
      • I chose a key size of 4096
      • Save the encrypted private key as ssl.encrypted.key someplace
      • ?? I forget what happened next
      • Save the certificate file as ssl.crt someplace. For me, I had to wait 30 minutes, then it appeared under Tool Box -> Retrieve Certificate
    4. Use openssl to decrypt the encrypted ssl.encrypted.key file
      • sudo openssl rsa -in ssl.encrypted.key -out ssl.unencrypted.key
      • startssl.com also have a decrypt option on their website, but it didn't work for me
    5. PuTTY/SSH onto your EC2 machine
    6. Install mod_ssl
      • sudo yum install mod_ssl
    7. Replace the default certificate and key
      • sudo vi /etc/pki/tls/certs/localhost.crt
      • Paste in the contents of ssl.crt
      • Make sure it pastes correctly! I always lose the first 6 characters
      • Use :%d to delete the existing certificate if required
      • [ESC] :wq
      • sudo vi /etc/pki/tls/private/localhost.key
      • Paste in the contents of ssl.unencrypted.key
      • Again make sure it pastes correctly!
      • [ESC] :wq
    8. Check the configuration
      • apachectl configtest
    9. Restart
      • sudo service httpd restart
      • I had issues restarting and I think what fixed it was sudo kill -9 httpd
  • 2020-12-29 03:56

    Try this command:

     yum install mod_ssl 
    
  • 2020-12-29 03:59

    Here's what worked for me, via shell, with a wildcard cert that had a CA bundle (on Lightsail servers, HTTPS/443 enabled). Mileage may vary. Test on https://www.digicert.com/help/ after install. For brevity, I've shortened the certs/keys here (obviously).

    It's worth noting also that I did not need to set up a VirtualHost for the domain.

    # Overwrite these files on Amazon Linux + mod_ssl (or mod24_ssl)
    # /etc/pki/tls/certs/ca-bundle.crt
    # /etc/pki/tls/certs/localhost.crt
    # /etc/pki/tls/private/localhost.key
    
    ## BEGIN
    
    # INSTALL AS ROOT
    sudo -su root
    
    sudo cat > /etc/pki/tls/certs/localhost.crt <<EOF
    -----BEGIN CERTIFICATE-----
    MIIF7DCCBNSgAwIBAgIMNY9yk7s651tb2YasMA0GCSqGSIb3DQEBCwUAMEwxCzAJ
    KoZIhvcNAQELBQADggEBACu8MsClqLbO1NqjXw+igERhLRkISgnkIjB1p69zh3V0
    /3b68mkC+8pL3HNLgL0qIM9sPKKOl/Iyky2EfwfQDoZEWNB0qWKIOovH5Oj9z5DE
    -----END CERTIFICATE-----
    EOF
    
    sudo cat > /etc/pki/tls/private/localhost.key <<EOF
    -----BEGIN PRIVATE KEY-----
    MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCL6UsW9yC0Faev
    1zeEJcF6E7P6XYqT25rWMj5xzUM8gi/4nLpGr+tOBlFJYSbLlEHJKG6QLO9Ku896
    MwTtWyOrTlPtpJEi9LUrLmOUXtD1WN2Ekql/ZLaO7pxUtVTRF4MyYspGgU1ZjkxY
    vQLnZs85bnG2dLz7Q4xxlj4=
    -----END PRIVATE KEY-----
    EOF
    
    sudo cat > /etc/pki/tls/certs/ca-bundle.crt <<EOF
    -----BEGIN CERTIFICATE-----
    MIIESzCCAzOgAwIBAgIOSMqBefg+ikLz9c3isT8wDQYJKoZIhvcNAQELBQAwTDEg
    bFNpZ24xEzARBgNVBAMTCkdsb2JhbFNpZ24wHhcNMTYxMDE0MDAwMDAwWhcNMjQw
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    MIIDdTCCAl2gAwIBAgILBAAAAAABFUtaw5QwDQYJKoZIhvcNAQEFBQAwVzELMAkG
    DKqC5JlR3XC321Y9YeRq4VzW9v493kHMB65jUr9TU/Qr6cf9tveCX4XSQRjbgbME
    -----END CERTIFICATE-----
    EOF
    
    # RESTART
    sudo service httpd restart
    
    #DONE
    
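Added example, not part of any answer on this page: the 03:48 and 03:59 answers both overwrite /etc/pki/tls/certs/localhost.crt and /etc/pki/tls/private/localhost.key with pasted PEM text, so this script checks that each file is a complete PEM block and that the key belongs to the certificate before httpd is restarted. The function names and the check_pem.sh file name are assumptions of this example; it needs awk and the openssl command.

```bash
#!/usr/bin/env bash
# Added example (not from the answers): verify pasted PEM files before an
# httpd restart. Function names are this example's own.

# pem_framing_ok FILE: succeed only if FILE is one or more complete
# BEGIN/END blocks with matching labels and base64-only bodies.
pem_framing_ok() {
    awk '
        { sub(/\r$/, "") }                  # tolerate CRLF line endings
        /^[ \t]*$/ { next }                 # skip blank lines
        /^-----BEGIN [A-Z0-9 ]+-----$/ {
            if (inblk) bad = 1
            inblk = 1; label = substr($0, 12); blocks++; next
        }
        /^-----END [A-Z0-9 ]+-----$/ {
            if (!inblk || substr($0, 10) != label) bad = 1
            inblk = 0; next
        }
        { if (!inblk || $0 !~ "^[A-Za-z0-9+/=]+$") bad = 1 }
        END { if (bad || inblk || blocks == 0) exit 1 }
    ' "$1"
}

# cert_matches_key CERT KEY: succeed only if KEY is the private key for CERT
# (same public key). Returns 2 if either file cannot be parsed.
cert_matches_key() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    # "-passin pass:" makes a still-encrypted key fail instead of prompting.
    from_key=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 2
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# check_pair CERT KEY: run both checks; non-zero status means do not restart.
check_pair() {
    local rc=0 f
    for f in "$1" "$2"; do
        pem_framing_ok "$f" || { echo "FAIL: $f is not a complete PEM file"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; return 1; }
    echo "OK: PEM framing intact and key matches certificate"
}

# Usage: check_pem.sh /etc/pki/tls/certs/localhost.crt /etc/pki/tls/private/localhost.key
if [ $# -eq 2 ]; then check_pair "$1" "$2"; fi
```

Run it as root, since the private key file is not readable by other users. The framing check is strict: text before the first BEGIN line or header lines inside a block are reported as failures.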
  • 2020-12-29 04:08

    A summary of what needs to be done to enable SSL on apache server on EC2:

    1. Get SSL certificate (which you already did)
    2. Install mod_ssl as Jose Vega said
    3. Add the following lines to your httpd.conf:

    NameVirtualHost *:443

    <VirtualHost *:443>
        ServerName www.example.com
        # other configurations
        SSLEngine on
        SSLCertificateFile /etc/httpd/conf/ssl.crt/mydomain.crt
        SSLCertificateKeyFile /etc/httpd/conf/ssl.key/mydomain.key
    </VirtualHost>
    

    Finally, don't forget to open port 443 on your EC2 instance

  • 2020-12-29 04:08

    If you are using Amazon Lightsail, be sure to go into Networking from the Lightsail dashboard and add HTTPS/443 in your Firewall.
