Configure HTTPS

This section describes how to configure https to allow secure communication to the OpenIAM UI.

If opted to not install the rProxy during the RPM installation process, then install it now. The guide on how to istall OpenIAM rProxy can be founf here.

To configure HTTPS, perform the following steps:

  1. Copy our certs to /etc/pki/tls/certs/.

  2. Copy private key to /etc/pki/tls/private/.

  3. Remove the existing mod_openiam.conf file from /etc/httpd/conf.d or from the location based on the installation.

mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_not_used
  1. Remove no ssl config 
mv /etc/httpd/conf.d/mod_openiam.conf /etc/httpd/conf.d/mod_openiam.conf_not_used
  1. Copy openiam ssl config example
cp /usr/share/doc/mod_openiam/conf.d/mod_openiam_ssl.conf /etc/httpd/conf.d/
  1. Modify the following in file /etc/httpd/conf.d/mod_openiam_ssl.conf  
SSLCertificateFile /etc/pki/tls/certs/super_openiam_com.crt
SSLCertificateKeyFile /etc/pki/tls/private/super_openiam_com.key
SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt
#SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt

Needed files from goDaddy are:

super_openiam_com.crt

super_openiam_com.key

gd_bundle.crt these

GoDaddy files

Now you can restart apache:

systemctl restart httpd

Make sure you have port 80 (or 443 for https) for http open. If not, you can use this firewalld rules:

sudo firewall-cmd --permanent --zone=public --add-port=80/tcp
sudo firewall-cmd --zone=public --add-service=http
sudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=public --add-port=443/tcp
sudo firewall-cmd --zone=public --add-service=https
sudo firewall-cmd --reload