Strong cryptography comes to the Apache HTTP Server via the mod_ssl module with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Enabling SSL on your Apache web server enhances security by encrypting the data between the server and clients.

There are several methods to install mod_ssl on RHEL/CentOS 7 with Apache web server which are as follows:

Installing mod_ssl via YUM Package Manager

Step 1: Update System Packages

First, you need to ensure your system packages are up to date. Run the following command in a terminal:

sudo yum update -y

Step 2: Installing Apache HTTP Server

In the case where Apache is not yet installed, it can easily be installed with the following command:

sudo yum install httpd -y

Step 3: Install the mod_ssl

The installation can be made with the command:

sudo yum install mod_ssl -y
apachectl -M | grep ssl

Step 4: Start and Enable Apache

Start Apache Web Server and enable it to start on boot.

sudo systemctl start httpd
sudo systemctl enable httpd

Step 5: Firewall Configuration

Can pass HTTPS traffic by the firewall:

sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload

Step 6: Generating SSL Certificates

You can create a self-signed SSL certificate with the ‘openssl’ command:

sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd-selfsigned.key -x509 -days 365 -out /etc/pki/tls/certs/httpd-selfsigned.crt

Fill in any information you are asked for.

Step 7: Apache Setup with SSL

Now modify the SSL configuration file at ‘/etc/httpd/conf.d/ssl.conf’:

sudo vi /etc/httpd/conf.d/ssl.conf

Please update the below lines with your certificate paths:

SSLCertificateFile /etc/pki/tls/certs/httpd-selfsigned.crt
SSLCertificateKeyFile /etc/pki/tls/private/httpd-selfsigned.key

Step 8: Rebooting Apache

Restart Apache service to effect the changes:

sudo systemctl restart httpd

Manual Installation from Source

This is the process where one downloads the source code and then compiles it manually. This method comes in where there is a need for a specially customized version of mod_ssl.

Step 1: Installation of Required Packages

Install the packages for building mod_ssl:

sudo yum groupinstall 'Development Tools' -y
sudo yum install openssl openssl-devel -y

Step 2: Download Source Code of Apache HTTPD and mod_ssl

Download the Apache HTTP Server and mod_ssl source code from appropriate websites:

wget https://downloads.apache.org/httpd/httpd-2.4.46.tar.gz
wget https://www.openssl.org/source/openssl-1.1.1k.tar.gz

Step 3: Extract Source Files

Extract the downloaded tar files:

tar -xzf httpd-2.4.46.tar.gz
tar -xzf openssl-1.1.1k.tar.gz

Step 4: Build and install OpenSSL

Enter the OpenSSL directory and build it:

cd openssl-1.1.1k
./config
make
sudo make install

Step 5: Build and Install Apache with mod_ssl

Navigate to the Apache directory and configure it with SSL support:

cd ../httpd-2.4.46
./configure --enable-ssl --with-ssl=/usr/local/ssl --enable-so
make
sudo make install

Step 6: Start Apache

Start Apache web server:

sudo /usr/local/apache2/bin/apachectl start

Step 7: Let Apache Use SSL

Edit the file httpd-ssl.conf located in the conf/extra directory:

sudo vi /usr/local/apache2/conf/extra/httpd-ssl.conf

Update the following lines with your certificate paths:

SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key

Step 8: Restart Apache

Restart Apache to apply changes:

sudo /usr/local/apache2/bin/apachectl restart

Conclusion

Adding mod_ssl to RHEL/CentOS 7 allows you to implement and configure the SSL module within Apache, thereby enhancing security with the power to permit encrypted communication.