Differences

This shows you the differences between two versions of the page.

tutorial:adm:server_preparation [2021/05/10 14:56]
urbanl [Disabling mod_security rules] Removing modsec rules which are not in modsec_crs 3.0
tutorial:adm:server_preparation [2021/05/10 16:09]
urbanl [HTTPd installation and configuration]
Line 542: Line 542:
 RewriteRule "^/$"  "/idm/" [R]  RewriteRule "^/$"  "/idm/" [R] 
 </code> </code>
 +
 +=== Certificate for httpd ===
 +
 +If you have prepared certifikate, key and certificate authority chain just chnge these properties in ''/etc/httpd/conf.d/ssl.conf'' and make sure that only httpd can read the files.
 +<code>
 + SSLCertificateFile PATH_TO_CERTIFICATE_FILE
 + SSLCertificateKeyFile PATH_TO_CERTIFICATE_KEY_FILE
 + SSLCertificateChainFile PATH_TO_CA_CHAIN_FILE
 +</code>
 +Then continue with cheking syntax of httpd.
 +
 +If you not prepared them in the moment. Create temporary certificate and key. 
 +<code>
 +mkdir /etc/httpd/cert
 +cd /etc/httpd/cert
 +openssl genrsa -out http_temp_cert.key
 +openssl req -new -key http_temp_cert.key -out http_temp_cert.csr -subj "/C=CZ/ST=Czech Republic/L=Prague/O=BCV/CN=CzechIdM placeholder cert"
 +openssl x509 -req -in http_temp_cert.csr -signkey http_temp_cert.key -days 1 -sha256 -out http_temp_cert.crt
 +rm http_temp_cert.csr
 +chmod 600 /etc/httpd/cert/*
 +chown -R tomcat:tomcat  /etc/httpd/cert/
 +</code>
 +Then change set path to them in these properties in ''/etc/httpd/conf.d/ssl.conf''.
 +<code>
 + SSLCertificateFile /etc/httpd/cert/http_temp_cert.crt
 + SSLCertificateKeyFile /etc/httpd/cert/http_temp_cert.key
 +</code>
 +
 +=== Checking httpd configuration syntax and configuring selinux ===
  
 Syntax check before httpd restart Syntax check before httpd restart
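Review bot: The last command of the temporary-certificate block, "chown -R tomcat:tomcat /etc/httpd/cert/", gives the httpd TLS private key to the tomcat account, which contradicts the requirement stated a few lines earlier that only httpd can read the files. httpd's mod_ssl reads the certificate and key as root at startup, so the directory and files can stay root-owned (for example "chown -R root:root /etc/httpd/cert/" with mode 700 on the directory and 600 on the files), and the application server never needs access to them. Two smaller points in the same block: "openssl genrsa -out http_temp_cert.key" leaves the key size to the installed openssl default, so pass an explicit size; and the key is written before "chmod 600" runs, so setting "umask 077" before "mkdir" would close that window. The added prose also needs a spelling pass ("certifikate", "chnge", "cheking", "If you not prepared them in the moment", "Then change set path"), and it should say that the "-days 1" placeholder certificate has to be replaced by the real one before it expires.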
  • by koulaj