Deploy https LAMP website with self signed certificate on CentOS 7

In this article we will look into setting up very basic LAMP website. We will setup self signed ssl certificate and configure virtual host to run https.
SSL is not bullet proof technology but it helps to make your website more secure by creating encrypted link between browser and web server.


Canada colocation

1. First lets install LAMP. We will not get into too much details and explanation during LAMP setup and just show basic steps needed to set this up.

$yum install httpd
$systemctl start httpd.service
$systemctl enable httpd.service
$yum install mariadb-server mariadb
$systemctl start mariadb
$mysql_secure_installation
$systemctl enable mariadb.service
$yum install php php-mysql
$systemctl restart httpd.service

2. Lets now install mod_ssl package

yum install mod_ssl

3. Now we can generate private key

openssl genrsa -out ca.key 2048

4. Lets Generate CSR

openssl req -new -key ca.key -out ca.csr

5. Now we need to Generate Self Signed Key and provide all required information

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Country Name (2 letter code) [XX]:CA
State or Province Name (full name) []:Ontario
Locality Name (eg, city) [Default City]:Toronto
Organization Name (eg, company) [Default Company Ltd]:prolinuxhub
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:demo1.com
Email Address []:demo@myemail.com
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

6. We can now copy all our keys and certificates to correct location

cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr

7. Lets now create directory for our virtual host based website

mkdir -p /var/www/html/demo1.com

8. We will need to also create vhost configuration file.

vi /etc/httpd/conf.d/demo1.conf

         SSLEngine on
         SSLCertificateFile /etc/pki/tls/certs/ca.crt
         SSLCertificateKeyFile /etc/pki/tls/private/ca.key
         
         AllowOverride All
         
         DocumentRoot /var/www/html/demo1
         ServerName demo1.com

9. Lest restart our apache server

systemctl restart httpd

10. At this point you can access your site with https protocol https://demo1.com

You will need to make sure your test site can be resolved via DNS. If not then you can setup hosts file for testing purposes.