Configure HTTPS

This section describes how to configure https to allow secure communication to the OpenIAM UI.

If opted to not install the rProxy during the RPM installation process, then install it now. The guide on how to install OpenIAM rProxy can be found here.

To configure HTTPS, perform the following steps

  1. Copy our certs to /etc/pki/tls/certs/.
  2. Copy private key to /etc/pki/tls/private/.
  3. Remove the existing mod_openiam.conf file from /etc/httpd/conf.d or from the location based on the installation.
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_not_used
  1. Remove no ssl configuration.
mv /etc/httpd/conf.d/mod_openiam.conf /etc/httpd/conf.d/mod_openiam.conf_not_used
  1. Copy openiam ssl configuration example.
cp /usr/share/doc/mod_openiam/conf.d/mod_openiam_ssl.conf /etc/httpd/conf.d/
  1. Modify the following in file /etc/httpd/conf.d/mod_openiam_ssl.conf .
SSLCertificateFile /etc/pki/tls/certs/super_openiam_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/super_openiam_com.key
SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

Files from your certificate provider, such as GoDaddy, are:

  • super_openiam_com.crt;
  • super_openiam_com.key;
  • gd_bundle.crt.

GoDaddy files

Now you can restart Apache:

systemctl restart httpd

Make sure you have port 80 for http (or 443 for https) open. If not, you can use these firewall rules:

sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
sudo firewall-cmd --zone=public --add-service=https
sudo firewall-cmd --reload