Configure and start the Apache HTTPS server

You customize the Apache HTTPS server by tailoring the entries contained in file /etc/httpd/conf.d/nss.conf.

In the steps described here, the information that you must enter is shown in bold font.

1. To ensure all TCP/IP ports use secure communication, change the following two lines:

   
   Listen 443
   <VirtualHost _default_:443>

2. Enable or disable cipher suites by selecting either + (enable) or - (disable) next to the cipher suites for which hardware support is available on your system. For example:

   NSSCipherSuite +rsa_aes_256_sha,+rsa_aes_128_sha,+rsa_3des_sha

3. Specify the server protocols you wish to use. For example, one of:

   NSSProtocol TLSv1.0,TLSv1.1

4. Change the following lines to include the server certificate stored in the nss database (as described in Creating an nss certificate database):

   
   NSSCertificateDatabase /etc/httpd/nss
   NSSNickname myicatoken:testcert
   

5. Specify the passphrases that were created in the password file:

   NSSPassPhraseDialog  file:/etc/httpd/nss/password.txt

6. Finally, specify that the Apache HTTPS server will be started when Linux® is started. In addition, start the Apache HTTPS server immediately.

   
   # systemctl enable httpd.service
   # systemctl start httpd.service