Configure HTTPS
This section describes how to configure https to allow secure communication to the OpenIAM UI.
If opted to not install the rProxy during the RPM installation process, then install it now. The guide on how to install OpenIAM rProxy can be found here.
To configure HTTPS, perform the following steps:
- Copy our certs to /etc/pki/tls/certs/.
- Copy private key to /etc/pki/tls/private/.
- Remove the existing mod_openiam.conf file from /etc/httpd/conf.d or from the location based on the installation.
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf_not_used
- Remove no ssl config
mv /etc/httpd/conf.d/mod_openiam.conf /etc/httpd/conf.d/mod_openiam.conf_not_used
- Copy openiam ssl config example
cp /usr/share/doc/mod_openiam/conf.d/mod_openiam_ssl.conf /etc/httpd/conf.d/
- Modify the following in file /etc/httpd/conf.d/mod_openiam_ssl.conf
SSLCertificateFile /etc/pki/tls/certs/super_openiam_com.crtSSLCertificateKeyFile /etc/pki/tls/private/super_openiam_com.keySSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt#SSLCertificateFile /etc/pki/tls/certs/localhost.crt#SSLCertificateKeyFile /etc/pki/tls/private/localhost.key#SSLCACertificateFile /etc/pki/tls/certs/ca-bundle.crt
Files from your certificate provider, such as GoDaddy, are:
- super_openiam_com.crt
- super_openiam_com.key
- gd_bundle.crt
Now you can restart Apache:
systemctl restart httpd
Make sure you have port 80 (or 443 for https) for http open. If not, you can use these firewall rules:
sudo firewall-cmd --permanent --zone=public --add-port=80/tcpsudo firewall-cmd --zone=public --add-service=httpsudo firewall-cmd --reload
sudo firewall-cmd --permanent --zone=public --add-port=443/tcpsudo firewall-cmd --zone=public --add-service=httpssudo firewall-cmd --reload