ssl Archives - The Linux GURUS
https://thelinuxgurus.com/tag/ssl/
Learn Linux & DevOPS from THE LINUX GURUS

How to create a free SSL certificate using Let’s Encrypt in Linux
https://thelinuxgurus.com/how-to-create-a-free-ssl-certificate-using-lets-encrypt-in-linux/
Tue, 03 Nov 2020 15:54:22 +0000

Let’s Encrypt is a non-profit, free, and open certificate authority (CA) that is run by the Internet Security Research Group (ISRG). Let’s Encrypt provides TLS certificates that are valid for 90 days & can be renewed at any point during these 90 days without any charge whatsoever.

The main aim of Let’s Encrypt is to make the internet secure by making SSL certificates accessible to all with ease. In this tutorial, we will learn to create a free SSL certificate using Let’s Encrypt in Linux.

Recommended Read: Beginner’s guide to NGINX SSL CONFIGURATION

Also Read: Create a SELF-SIGNED SSL Certificate in Linux

So let’s start with the tutorial.


Install Certbot in Linux

We will be using certbot to create a free Let’s Encrypt SSL certificate in Linux. Let’s discuss how we can install certbot on various Linux distros.

Ubuntu/Pop!_OS/Debian/Linux Mint

For these distributions, we need to have the snap package manager installed, as the certbot packages are maintained in the snap repositories.

The Snap package manager is installed on all the new versions of Ubuntu. If you are still using an older version of Ubuntu, then you can install the snap package manager using the following command,

$ sudo apt-get install snapd

Once the snap is installed, we can then install certbot on the system. But before we do that, just make sure that there are not any other versions of certbot installed on the system, & if they are, we need to remove them,

$ sudo apt-get remove certbot

Now install the certbot with the help of snap,

$ sudo snap install --classic certbot

CentOS/RHEL

For CentOS & RHEL, we need to have an EPEL repository on the system to install certbot. Install the EPEL repository using the following command,

# yum install epel-release

Now we can install the certbot with the following command,

# yum install certbot

Now let’s proceed ahead with the SSL creation.


Create free SSL certificate using Let’s Encrypt in Linux

Now that certbot has been installed, we can create the free SSL certificate using Let’s Encrypt in Linux with the following command,

$ sudo certbot certonly -d thelinuxgurus.com --manual --preferred-challenges dns

[Screenshot: free SSL certificate using Let's Encrypt]

See the screenshot above, mainly the highlighted part. I know the cert was not created for my domain, as I already have an SSL cert & did not want to add a TXT record in DNS. But if you need an SSL certificate, you must prove the domain ownership by adding the TXT DNS record shown to you when you run the command.

Once you have added the record, wait for some time as DNS records can take some time to propagate successfully. After that press ENTER to confirm & verify the DNS record to create a certificate successfully.
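
Before pressing ENTER it helps to confirm that the TXT record is actually being served. The script below is an added example, not part of the original tutorial: it assumes `dig` is installed, relies on the `_acme-challenge.<domain>` record name used by the ACME DNS challenge, and the function names, resolver and sample value are constructed for illustration.

```shell
# Added example: confirm the certbot DNS challenge TXT record is visible.
# Requires `dig`; the resolver and the sample values are assumptions.

# txt_has_value DIG_OUTPUT EXPECTED
# `dig +short TXT` prints one quoted string per record. A name can hold several
# values at once (for example a wildcard and the bare domain validated together),
# so every line is compared, not just the first.
txt_has_value() {
    [ -n "$2" ] || return 1
    while IFS= read -r txt_line; do
        txt_line=${txt_line#\"}
        txt_line=${txt_line%\"}
        if [ "$txt_line" = "$2" ]; then
            return 0
        fi
    done <<EOF
$1
EOF
    return 1
}

# wait_for_txt DOMAIN EXPECTED [RESOLVER] [TRIES] [DELAY_SECONDS]
# Polls until the value certbot asked for is served, or gives up.
wait_for_txt() {
    wt_resolver=${3:-8.8.8.8}
    wt_tries=${4:-20}
    wt_delay=${5:-30}
    wt_i=1
    while [ "$wt_i" -le "$wt_tries" ]; do
        wt_out=$(dig +short TXT "_acme-challenge.$1" "@$wt_resolver")
        if txt_has_value "$wt_out" "$2"; then
            echo "TXT record visible via $wt_resolver (check $wt_i)"
            return 0
        fi
        wt_i=$((wt_i + 1))
        sleep "$wt_delay"
    done
    echo "TXT record not visible via $wt_resolver; do not press ENTER yet" >&2
    return 1
}

# Usage, with the value certbot prints (constructed here):
#   wait_for_txt example.com "CONSTRUCTED_TXT_VALUE"
```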

Once the certificate is created, you can manually install the certificate on a web server of your choice or on WordPress using cPanel, etc.

If you need to renew the certificate, then you can run the following command,

$ sudo certbot renew

You can also dry run to simulate the certificate renewal with the following command,

$ sudo certbot renew --dry-run

This completes our tutorial on how to create a free SSL certificate using Let’s Encrypt in Linux.

Beginner’s guide to NGINX SSL CONFIGURATION
https://thelinuxgurus.com/beginners-guide-to-nginx-ssl-configuration/
Tue, 27 Oct 2020 15:41:29 +0000

Security is one of the main concerns that needs to be addressed on priority for all applications or websites. All websites are required to have a valid SSL certificate installed in order to encrypt the data packets/traffic between users & websites. Even web browsers show a warning when we visit a website that does not have an SSL certificate installed.

In this tutorial, we will discuss how we can perform Nginx SSL configuration, that is, how to configure an SSL certificate to secure our websites hosted on Nginx. Before we start the complete process for Nginx SSL configuration, let’s discuss the prerequisites first.

Pre-requisites

Now let’s move on to the Nginx SSL configuration part. We will first create a self-signed certificate & then configure the Nginx web server to use that certificate.

Recommended Read: Create a SELF-SIGNED SSL Certificate in Linux

Also Read: How to Host Multiple Websites with Nginx in Linux


Create a self signed certificate

Create a certificate with the following command,

$ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/test.key -out /home/shusain/test.crt

Here, openssl is the command used for managing SSL,

req -x509 calls the certificate request utility & tells it to output a self-signed X.509 certificate instead of a certificate signing request,

-nodes means the private key is not encrypted, so we don’t need a passphrase,

-days 365 is the validity of the certificate in days,

-newkey rsa:2048 generates a new 2048-bit RSA key along with the certificate,

-keyout provides the location for the private key,

-out provides the location for our SSL certificate.

So now, we have our private key (/home/shusain/test.key) & a self-signed certificate (/home/shusain/test.crt). We need both of these to configure SSL certificates in Nginx.

So let’s move them to a new folder for ease of administration,

# mkdir /etc/nginx/ssl

# mv /home/shusain/test.key /etc/nginx/ssl/

# mv /home/shusain/test.crt /etc/nginx/ssl/

Now let’s move on to next step i.e. Nginx SSL configuration.


Nginx SSL configuration

Now that we have the required private key and certificate with us, we configure the SSL certificate in Nginx. We can use ‘/etc/nginx/nginx.conf’ to configure SSL in Nginx, but it is advisable to create a separate file for SSL,

# vi /etc/nginx/conf.d/ssl.conf

& enter the following lines to the file,

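server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    # dhparam.pem must already exist (generated with openssl dhparam);
    # the steps above do not create it & nginx will not load without it
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    root /var/www/html;
    index index.html index.htm index.nginx-debian.html;
}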

All we have to do is to reload the nginx configuration to complete the Nginx SSL configuration & install ssl certificate in Nginx,

# systemctl reload nginx

Now we can access our website with the https followed by the website URL,

https://example.com

Since we are using a self-signed certificate, we might get a warning but we can ignore that & click on ‘Proceed anyway’ to open the website.


Additional Parameters for SSL

The above-mentioned parameters are the basic configuration for SSL. We can also select a number of other options, like TLS versions & cipher suites, depending on our needs.

An example of the additional parameters that can be used is,

server {
    listen 443 ssl;
    server_name example.com;
    ssl_certificate /etc/nginx/ssl/test.crt;
    ssl_certificate_key /etc/nginx/ssl/test.key;
    ssl_dhparam /etc/ssl/certs/dhparam.pem;
    root /var/www/html;
    index index.html index.htm;
    # TLSv1 & TLSv1.1 are deprecated (RFC 8996); keep them only for legacy clients
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_prefer_server_ciphers on;
    ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
    ssl_ecdh_curve secp384r1;
    ssl_session_cache shared:SSL:10m;
    ssl_session_tickets off;
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;
    # HSTS: browsers will refuse plain HTTP for this host for max-age seconds
    add_header Strict-Transport-Security "max-age=63072000; includeSubdomains";
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;
}
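
A quick audit of an SSL server block like the ones above, as an added example that is not part of the original tutorial: it flags protocol versions deprecated by RFC 8996, certificate, key or DH parameter files that the config references but that do not exist, and typographic quotes left over from copy-pasting a listing. The function names and the sample config written by `write_sample_conf` are constructed for illustration.

```shell
# Added example (not from the tutorial): audit an nginx TLS server block.
# Prints one finding per line; returns 1 if anything was flagged, 0 otherwise.
audit_nginx_tls() {
    an_conf=$1
    an_rc=0

    # Protocol versions deprecated by RFC 8996 (TLS 1.0/1.1) and the older SSLv2/SSLv3.
    for an_proto in $(awk '$1 == "ssl_protocols" {
            for (i = 2; i <= NF; i++) { sub(/;$/, "", $i); print $i } }' "$an_conf"); do
        case $an_proto in
            SSLv2|SSLv3|TLSv1|TLSv1.1) echo "deprecated protocol: $an_proto"; an_rc=1 ;;
        esac
    done

    # Files the config points at: nginx refuses to load the config if one is missing.
    for an_file in $(awk '$1 ~ /^ssl_(certificate|certificate_key|dhparam)$/ {
            sub(/;$/, "", $2); print $2 }' "$an_conf"); do
        [ -f "$an_file" ] || { echo "missing file: $an_file"; an_rc=1; }
    done

    # Typographic quotes from a copy-pasted listing are not quote characters to nginx.
    if grep -q -e '“' -e '”' "$an_conf"; then
        echo "typographic quotes in config"; an_rc=1
    fi
    return $an_rc
}

# Constructed sample: writes a config resembling the tutorial's into DIR/ssl.conf.
write_sample_conf() {
    cat > "$1/ssl.conf" <<EOF
server {
    listen 443 ssl;
    ssl_certificate $1/test.crt;
    ssl_certificate_key $1/test.key;
    ssl_dhparam $1/dhparam.pem;
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
}
EOF
    : > "$1/test.crt"; : > "$1/test.key"     # empty placeholders; dhparam.pem is left out
}

# Usage: audit_nginx_tls /etc/nginx/conf.d/ssl.conf
```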

This completes our tutorial on how to perform Nginx SSL configuration & install an SSL certificate in Nginx. Please feel free to send in any questions or queries using the comment box below.

Create a SELF-SIGNED SSL Certificate in Linux
https://thelinuxgurus.com/create-a-self-signed-ssl-certificate-in-linux/
Tue, 29 Sep 2020 07:08:56 +0000

Security threats like data theft, etc. are on the rise & it is of utmost importance that we employ some security to avoid such incidents. This is especially true when we are trying to access some websites over the public internet & our connections are not secure.

To avoid such unencrypted data transfers, we use SSL certificates. SSL, or Secure Sockets Layer, is a protocol that is used to encrypt our website traffic. This avoids data theft: even if the data is intercepted by a 3rd party, it will be useless to them, as the encryption used to secure the traffic is quite strong.

SSL certificates are of such importance that now almost all web browsers show a warning when we are visiting a website that does not have a valid SSL certificate in use.

Websites on the public internet use SSL certificates that are signed by Certification Authorities (CAs) like Comodo, GeoTrust, Symantec, etc. & they charge a fee for that. And then there are CAs like Let’s Encrypt, which provide SSL certificates for free but for a shorter duration.

But we might not require any of these SSLs when we are using an SSL certificate for the testing environment or for development purposes. There we can just use self-signed certificates.

Recommended Read: How to create an SSL certificate with certbot

Also Read: How to install NGINX from Source packages in Linux

In this tutorial, we will discuss how to create a self-signed certificate in Linux. Let’s discuss the process,


Create Self Signed SSL certificate in Linux


To create a self-signed certificate in Linux, we need to have packages named ‘openssl’ & ‘mod_ssl’ installed on our system. Openssl is installed by default on all Linux distributions & we can install mod_ssl with the following command,

# yum install mod_ssl

Now we can create the SSL certificate using the openssl command mentioned below,

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /home/shusain/ssl.key -out /home/shusain/ssl.crt

To describe the command mentioned above,

openssl is the command for managing SSL,

req -x509 calls the certificate request utility & tells it to output a self-signed X.509 certificate instead of a certificate signing request,

-nodes means the private key is not encrypted, so we don’t need a passphrase,

-days 365 is the validity of the certificate in days,

-newkey rsa:2048 generates a new 2048-bit RSA key along with the certificate,

-keyout is the location of the private key,

-out is the location of the certificate.

We need to have both /home/shusain/ssl.key & /home/shusain/ssl.crt to configure it in our webserver. We will be discussing how we can install an SSL certificate in our Nginx as well as Apache in our future tutorials. Please feel free to send in any questions or queries using the comment box below.
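
Checks worth running on the key and certificate produced by the `openssl req -x509 -nodes` command, both here and in the Nginx tutorial above where the pair is moved to /etc/nginx/ssl. This is an added example, not part of the original tutorials; it assumes the `openssl` command line tool, and the function names are constructed for illustration.

```shell
# Added example: sanity checks for a key/certificate pair made with
# `openssl req -x509 -nodes ...`. Paths passed in are up to the caller.

# key_is_private FILE
# With -nodes the key is stored unencrypted, so file permissions are its only
# protection. True only when group and others have no permission bits.
key_is_private() {
    kp_mode=$(ls -ld -- "$1" | cut -c5-10)   # "-rw-------" -> "------"
    [ "$kp_mode" = "------" ]
}

# cert_matches_key CERT KEY
# The web server needs both files to belong together: compare the public key
# embedded in the certificate with the one derived from the private key.
cert_matches_key() {
    cm_cert=$(openssl x509 -in "$1" -noout -pubkey) || return 2
    cm_key=$(openssl pkey -in "$2" -pubout) || return 2
    [ "$cm_cert" = "$cm_key" ]
}

# check_cert_pair CERT KEY [DAYS]
# Prints one line per finding; returns 1 if anything was found.
check_cert_pair() {
    cp_days=${3:-30}
    cp_rc=0
    if ! key_is_private "$2"; then
        echo "private key is accessible to group or others: $2"
        cp_rc=1
    fi
    if ! cert_matches_key "$1" "$2"; then
        echo "certificate and private key do not belong together"
        cp_rc=1
    fi
    # -checkend exits non-zero if the certificate expires within N seconds.
    if ! openssl x509 -in "$1" -noout -checkend $((cp_days * 86400)) >/dev/null; then
        echo "certificate expires within $cp_days days"
        cp_rc=1
    fi
    return $cp_rc
}

# Usage: chmod 600 /home/shusain/ssl.key
#        check_cert_pair /home/shusain/ssl.crt /home/shusain/ssl.key
```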

How to install Nginx on CentOS/RHEL
https://thelinuxgurus.com/how-to-install-nginx-on-centos-rhel/
Tue, 08 Sep 2020 16:14:36 +0000

Nginx is a very famous, open-source web server application that we can also use as a reverse proxy, cache server as well as a load balancer, among other things. It is a powerful, lightweight application & also uses very few resources.

In this tutorial, we will learn how to install Nginx on CentOS & RHEL servers. There are two ways in which we can install Nginx on CentOS & RHEL, either using the EPEL repositories or using the official Nginx repositories.

Recommended Read: How to install NGINX on Ubuntu

Also Read: Scheduling CRON Jobs with Crontab for Beginners


Install Nginx on CentOS/RHEL using the EPEL repository


Nginx packages are not maintained on the default CentOS/RHEL repositories & are available on the EPEL repositories. So we need to install EPEL repositories on it first.

We have already discussed in detail how we can install the EPEL repository on CentOS in our tutorial HERE. You can also run the following commands,

CentOS/RHEL 6/7

# yum install epel-release

CentOS/RHEL 8

# dnf install epel-release

Once the EPEL repository has been installed, we can then install nginx with the following command,

# yum install nginx

Once the nginx is installed, we can then start the nginx service with the following command,

# systemctl start nginx

To enable the server at boot time, run the following command,

# systemctl enable nginx

When the nginx service has started, we can access the default nginx webpage with the system IP address from a browser,

http://IP_ADDRESS_OF_THE_SERVER


Install Nginx on CentOS using the Official Nginx repository


For enabling the official Nginx repositories, we need to create the repository file for the nginx repo. Create a file ‘/etc/yum.repos.d/nginx.repo’ & enter the following details,

# vi /etc/yum.repos.d/nginx.repo

[nginx]

name=nginx repo

baseurl=https://nginx.org/packages/$OS/$releasever/$basearch/

gpgcheck=0

enabled=1

Here, we need to update the following values as per the OS type & version number, i.e.,

OS – rhel or centos

releasever – 6, 7 or 8

For example, the entry for Centos 7 would be,

[nginx]

name=nginx repo

baseurl=https://nginx.org/packages/centos/7/$basearch/

gpgcheck=0

enabled=1

Similarly, replace Centos with rhel for rhel 7 Nginx repository. Now, all we need is to install Nginx with the following command,

# yum install nginx

Now, start the nginx service & access the default webpage.
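
Both repository entries above set gpgcheck=0, which turns off package signature verification for that repository. The following is an added example, not part of the original tutorial: it lists enabled repositories in a .repo file that skip signature checks and writes a constructed sample showing the tutorial's entry next to a signed variant. The function names and the nginx-signed section are constructed; the gpgkey URL is the signing key location published on nginx.org.

```shell
# Added example (not from the tutorial): find enabled yum/dnf repositories whose
# packages are installed without signature verification.
# Prints "<repo id>: <finding>" per problem and returns 1 if any repo was flagged.
audit_repo_file() {
    awk '
        function report() {
            if (id == "" || enabled == "0") return
            if (gpgcheck == "0") {
                print id ": gpgcheck=0, package signatures are not verified"; bad = 1
                if (baseurl ~ /^http:/) print id ": and baseurl is plain http"
            }
        }
        /^[ \t]*\[/ {                      # new [section]: report the previous one
            report()
            id = $0; sub(/^[ \t]*\[/, "", id); sub(/\].*$/, "", id)
            enabled = "1"; gpgcheck = ""; baseurl = ""
            next
        }
        /^[ \t]*[#;]/ || !/=/ { next }     # comments and lines without key=value
        {
            key = $0; sub(/[ \t]*=.*$/, "", key); sub(/^[ \t]+/, "", key)
            val = $0; sub(/^[^=]*=[ \t]*/, "", val); sub(/[ \t]+$/, "", val)
            if (key == "enabled")  enabled = val
            if (key == "gpgcheck") gpgcheck = val
            if (key == "baseurl")  baseurl = val
        }
        END { report(); exit bad + 0 }
    ' "$1"
}

# Constructed sample: the tutorial's CentOS 7 entry next to a signed variant.
# The gpgkey URL is the signing key published on nginx.org.
write_sample_repo() {
    cat > "$1" <<'EOF'
[nginx]
name=nginx repo
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=0
enabled=1

[nginx-signed]
name=nginx repo (signature checks on)
baseurl=https://nginx.org/packages/centos/7/$basearch/
gpgcheck=1
gpgkey=https://nginx.org/keys/nginx_signing.key
enabled=1
EOF
}

# Usage: audit_repo_file /etc/yum.repos.d/nginx.repo
```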

This completes our tutorial on how to install nginx on CentOS/RHEL. You can also check our tutorial on how to host multiple websites on Nginx HERE & if you have any questions/queries, please do let us know using the comment box below.
