Linux / RHCA

RHCA Journey Day 8 – MariaDB | Apache and TLS

January 2, 2019

It has been a few days since my last post, however, the studying continued on each day. I covered MariaDB, Apache, and TLS just recently. I really enjoyed the topics that I covered over the past few days as I was able to directly apply them to real-world situations with this website.

What made this especially fun was that my website is run off all of these. Until today though the site was just run over HTTP, after reading up on getting TLS working on Apache I figured, why not just put into practice what I learned by adding TLS support to this site. You may notice that now the site is fully https, and it redirects you to https automatically now. I did not go for the expensive ones, as I don’t sell anything on this site, so there was no need. So I just went for the DV (domain verification) certificate from Comodo.

I just needed to install two packages to get things going:

# yum install mod_ssl crypto-utils

From there I ran genkey to get my csr.

# genkey www.therootuser.com

Just follow the on screen prompts, and it dumps the file out at /etc/pki/tls/certs/www.therootuser.com.0.csr, which you then send to the CA to get signed (along with some money).

Then I just edited the file /etc/httpd/conf.d/therootuser.conf

SSLEngine on
SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/pki/tls/certs/www_therootuser_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.therootuser.com.key
SSLCACertificateFile /etc/pki/tls/certs/www_therootuser_com.ca-bundle

These were all added to the <VirtualHost *:443> section of the conf file

As this process took me time to figure out and get working properly it, of course, slowed me down on the Apache section, so I’m still finishing that chapter up and will take what I learn from there and apply it to make my site better.

With MariaDB, most of that was just review material, and the only syntax I think I’ll need to work on to get down correctly is creating users, and granting rights to them. For my purposes, it’s not something I really have to deal with, but it will still be useful to know.

For now, I will continue on with the Apache chapter, and try and apply things to my site, as well as in lab situations. At least I’m sure on this topic I will do well on the exam. Which knowing my luck, they won’t ask anything about. Usually how it goes. Check back tomorrow for more on Apache, and my next topics on the RHCE.

Cheers,

Ivan Windon – RHCSA

Tags:

Share

Ivan Windon

Ivan Windon is a Site Reliability Engineer at IBM. Ivan is actively engaged in Cloud Technologies with AWS, Google, and Azure. Ivan has extensive experience with Linux and Windows administration, DNS, Networking, IDM, and Security. In his free time, he enjoys being with his wife and two children. The family enjoys hiking, and traveling when able. His favorite locations are Yosemite NPS, and San Francisco, California.

You may also like...

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Privacy Policy