LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   Update apache ssl cert (https://www.linuxquestions.org/questions/linux-security-4/update-apache-ssl-cert-4175640867/)

catiewong 10-22-2018 04:34 AM
Update apache ssl cert
 
I use apache web server on centos 7.4

Now the apache do not have a SSL cert , I would like to add it , except add the cert files to the server , config the apache file , would advise what else I need to do ?

TenTenths 10-22-2018 06:23 AM
You might want to also redirect any http:// traffic to https://

catiewong 10-22-2018 11:23 PM
Quote:
Originally Posted by TenTenths (Post 5917799)
You might want to also redirect any http:// traffic to https://
Thanks reply ,

How to do the redirect , set it in apache or DNS ?

berndbausch 10-23-2018 12:19 AM
DNS doesn't know anything about web protocols. So, the answer is Apache. You will find a ton of tutorials on the internet, for example https://www.digitalocean.com/communi...ache-and-nginx (DigitalOcean's tutorials are generally good).

catiewong 10-23-2018 03:11 AM
Quote:
Originally Posted by berndbausch (Post 5918145)
DNS doesn't know anything about web protocols. So, the answer is Apache. You will find a ton of tutorials on the internet, for example https://www.digitalocean.com/communi...ache-and-nginx (DigitalOcean's tutorials are generally good).
thanks reply

About the http redirct to https .

If I update the apache file to point to the ssl cert but do not set http redirct to https , does the browsing will automatically go to https first then go to http ? config http redirct to https is only for safe ? that means if no http to https redirection , user input http then to to http:// , user input https then go to https:// ?

bradvan 10-23-2018 06:24 AM
If you don't force http -> https, then it depends on what the remote person puts in their browser. There are lots of good web pages on this subject. Try: RHEL 7 Web Servers for one.

catiewong 10-23-2018 11:59 PM
Quote:
Originally Posted by bradvan (Post 5918248)
If you don't force http -> https, then it depends on what the remote person puts in their browser. There are lots of good web pages on this subject. Try: RHEL 7 Web Servers for one.
"then it depends on what the remote person puts in their browser" <<== sorry , I don't understand what it means , that mean if no redirection , it depends the user use http or https , if http then go to http , if https then go to https ?

bradvan 10-24-2018 04:03 AM
Correct. If you are allowing both an http and an https connection, then which the remote user connects to depends on what they type in to their browser. If you are OK with that, then good. If not, force re-direction of http to https. It all depends on what you are providing on your web page.

catiewong 10-24-2018 06:06 AM
Another question ,

In my apache configuration for http , there are many module are loaded , I am wonder if there is another modules will be needed to make https to work ?

LoadModule setenvif_module modules/mod_setenvif.so
LoadModule version_module modules/mod_version.so
LoadModule heartmonitor_module modules/mod_heartmonitor.so
LoadModule dav_module modules/mod_dav.so
LoadModule status_module modules/mod_status.so
LoadModule autoindex_module modules/mod_autoindex.so
LoadModule dir_module modules/mod_dir.so
LoadModule php5_module modules/libphp5.so
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_connect_module modules/mod_proxy_connect.so
LoadModule proxy_ftp_module modules/mod_proxy_ftp.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule proxy_scgi_module modules/mod_proxy_scgi.so
LoadModule proxy_ajp_module modules/mod_proxy_ajp.so

berndbausch 10-24-2018 07:06 AM
You need mod_ssl.

However, this has nothing to do with the title of this thread. Questions that are not related should go into separate threads.


All times are GMT -5. The time now is 08:03 PM.