Configure HTTPS
This section describes how to configure https to allow secure communication to the OpenIAM UI.
If opted to not install the rProxy during the RPM installation process, then install it now. The guide on how to istall OpenIAM rProxy can be founf here.
To configure HTTPS, perform the following steps:
Copy our certs to /etc/pki/tls/certs/.
Copy private key to /etc/pki/tls/private/.
Remove the existing mod_openiam.conf file from /etc/httpd/conf.d or from the location based on the installation.
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_not_used
- Remove no ssl config
mv /etc/httpd/conf.d/mod_openiam.conf /etc/httpd/conf.d/mod_openiam.conf_not_used
- Copy openiam ssl config example
cp /usr/share/doc/mod_openiam/conf.d/mod_openiam_ssl.conf /etc/httpd/conf.d/
- Modify the following in file /etc/httpd/conf.d/mod_openiam_ssl.conf
SSLCertificateFile /etc/pki/tls/certs/super_openiam_com.crtSSLCertificateKeyFile /etc/pki/tls/private/super_openiam_com.keySSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt#SSLCertificateFile /etc/pki/tls/certs/localhost.crt#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
Needed files from goDaddy are:
super_openiam_com.crt
super_openiam_com.key
gd_bundle.crt these
Now you can restart apache:
systemctl restart httpd
Make sure you have port 80 (or 443 for https) for http open. If not, you can use this firewalld rules:
sudo firewall-cmd --permanent --zone=public --add-port=80/tcpsudo firewall-cmd --zone=public --add-service=httpsudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=public --add-port=443/tcpsudo firewall-cmd --zone=public --add-service=httpssudo firewall-cmd --reload