HTTPS Setup for the Web Server - derek-hash/SYS-265-02 GitHub Wiki

Follow these commands and It should work

hostnamectl set-hostname ca-YourFirstName

systemctl enable --now sshd

firewall-cmd --permanent --add-port=22/tcp firewall-cmd --reload

dnf install -y openssl openssl-devel

mkdir -p /root/ca/{certs,crl,newcerts,private} chmod 700 /root/ca/private touch /root/ca/index.txt

echo 1000 > /root/ca/serial

openssl req -x509 -newkey rsa:4096 -nodes -keyout /root/ca/private/cakey.pem
-out /root/ca/cacert.pem -days 3650 -subj "/C=US/ST=State/L=City/O=Joyce310/OU=Joyce310/CN=Joyce310" -sha256

openssl genrsa -out /root/websrv.key 2048

openssl req -new -key /root/websrv.key -out /root/websrv.csr
-subj "/C=US/ST=State/L=City/O=Joyce310/OU=Joyce310/CN=Joyce310"

scp /root/websrv.csr root@<CA_SERVER_IP>:/root/ca/ In practicing case it would be the CA-SEC VM as the CA_Server

openssl x509 -req -in /root/ca/websrv.csr -CA /root/ca/cacert.pem -CAkey /root/ca/private/cakey.pem -CAcreateserial -out /root/ca/websrv.crt -days 365 -sha256

scp /root/ca/websrv.crt root@<WEB_SERVER_IP>:/root/ In practicing case it would be the rocky VM as the Web Server

dnf install -y mod_ssl

mv /root/websrv.crt /etc/pki/tls/certs/ mv /root/websrv.key /etc/pki/tls/private/

systemctl enable --now httpd

firewall-cmd --permanent --add-service=https firewall-cmd --reload

cat /root/ca/cacert.pem cat /etc/pki/tls/private/websrv.key cat /etc/pki/tls/certs/websrv.crt

https://<WEB_SERVER_IP>