Although we could simply configure the web server to listen on port 443 for HTTPS, this article keeps the default web server configuration in Omarine 4.0, i.e. not listening on port 443, to illustrate the case. The web server itself needs no configuration changes.
We use stunnel to do that.
We experiment on a local area network, assuming the server is omarine.omarine.co. See Creating manageable virtual machines: General Network Setup and Creating manageable virtual machines: Setting up name server to set up the network and the name server.
After setup, test the FQDN:
Now start the web server:
sudo systemctl start httpd
Browsing to https://omarine.omarine.co fails at this point, because nothing is listening on port 443.
All right, let's create a self-signed CA certificate named ca-cert.pem and a server certificate signed by that CA certificate. See Omarine Native Directory (OND): Creating CA certificates, server certificates and client certificates.
Next, copy the server certificate file to /etc/stunnel/stunnel.pem and copy the server certificate’s private key file to /etc/stunnel/key.pem.
Make sure only the file owner (root) can access the key file:
sudo chmod 600 /etc/stunnel/key.pem
Next, copy your self-signed CA certificate file to /etc/ssl/certs/.
Trust this CA certificate:
sudo trust anchor --store /etc/ssl/certs/ca-cert.pem 2>/dev/null
Now start the stunnel service:
sudo systemctl start stunnel
You may need to restart the browser (or delete the cache).
Browse to https://omarine.omarine.co again; everything is now OK.
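If the browser still rejects the connection, or before starting stunnel at all, the files copied in the steps above can be checked directly. The script below is an added example, not part of the original article or of Omarine; the function names are its own, and it assumes GNU stat and the openssl command-line tool are installed.

```shell
#!/bin/sh
# Added example: pre-flight checks for the certificate files stunnel serves.
# File paths come from the article; function names are this example's own.

# Succeeds only if the private key is mode 600 (owner read/write only).
key_mode_ok() {
    [ "$(stat -c %a "$1")" = "600" ]    # GNU stat, as found on Linux
}

# Succeeds only if the certificate's public key belongs to the private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the server certificate verifies against the CA certificate.
cert_chains_to_ca() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all three checks; report the first failure and return non-zero.
check_stunnel_tls() {
    cert=$1 key=$2 ca=$3
    key_mode_ok "$key" ||
        { echo "FAIL: $key is not mode 600" >&2; return 1; }
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $cert does not match $key" >&2; return 1; }
    cert_chains_to_ca "$cert" "$ca" ||
        { echo "FAIL: $cert is not signed by $ca" >&2; return 1; }
    echo "OK: key permissions, key/certificate pair and CA signature"
}

# Usage: sudo sh check.sh <server-cert> <private-key> <ca-cert>
if [ "$#" -eq 3 ]; then check_stunnel_tls "$@"; fi
```

Run it as root with /etc/stunnel/stunnel.pem, /etc/stunnel/key.pem and /etc/ssl/certs/ca-cert.pem as the three arguments, since only root can read the key.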