SSL (Secure Socket Layer) is a protocol , which establishes a secure connection between a web browser and the server so that no one can steal the data sent back and forth from the web browser and web server. In layman’s terms, you can have a secure connection between the user and server by encrypting the data that is sent over the network,so that data theft can be avoided. You probably noticed https instead of http when accessing net-banking sites and other important sites. It is because those sites use SSL protocol.
How SSL Works:
1) The user requests a website using https eg: https://www.yoursite.com , the server receives the request and sends a certificate and public key to the web browser.
2)The browser checks if the certificate is trusted by checking it with the trusted certificate authorities it already has. The browser by default has some trusted certificate authorities. You can view it in the settings of your browser.
3)If the certificate is verified by the web browser, then it sends the requests to the web server by encrypting the requests using the public key issued by the web server. The web server in turn decrypts it using the private key it holds.
Thus a secured connection is established between the web browser and web server.
Setting Up SSL (self signed) on Linux Httpd.
In this tutorial am going to explain how to set up SSL on httpd (rhel based) or apache2 (debian). It uses the self signed certificate , you can use it for testing purposes. I assume that you have httpd server ready with a website.
1)Install mod_ssl by executing the following command in your terminal.
$ yum install mod_ssl openssl
2) Create a private key
$ openssl genrsa -out ssl.key 1024
3) Generate CSR
$ openssl req -new-key ssl.key -out ssl.csr
4) Generate a self singned certificate using the key and csr for 365 days.
$ openssl x509 -req -days 365 -in ssl.csr -signkey ssl.key -out ssl.crt
5) Copy the key, crt and csr files to respective folders using the following commands.
$ cp ssl.crt /etc/pki/tls/certs
$ cp ssl.key /etc/pki/tls/private/ssl.key
$ cp ssl.csr /etc/pki/tls/private/ssl.csr
6)Open the httpd.conf file using any editor to set the virtual host settings.
$ vi /etc/httpd/conf/httpd.conf
7) Add 443 port to the virtual post and find SSLcertificateFile and SLCertificatekeyFile and add the appropriate file pathof your crt file and key file.
8) Save the file and restart the httpd server.
$ service httpd restart
9) Open port 443 and block 80 in your local web server and access the site using https. You will be able to connect to the site using https. Eg: https://localhost/index