I recently needed to secure the Apache installation on a virtual private server running CentOS 7. I followed the instructions in this excellent tutorial by DigitalOcean.

These instructions get you up to an A rating on the Qualys SSL Server Test. To jump up to an A+ rating, the server must also redirect all HTTP requests to their HTTPS equivalent. A straightforward way to do this is to enable HSTS (HTTP Strict Transport Security), which tells browsers to use HTTPS for all future requests to the site, by adding the line

Header always set Strict-Transport-Security "max-age=63072000; includeSubdomains"

to the ssl.conf configuration file in the /etc/httpd/conf.d directory. Note that Apache must be restarted for this change to take effect:

$ sudo apachectl restart
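
To confirm that the header is actually being served after the restart, the response headers can be checked with a small script. This is an added example, not part of the original tutorial; the function names, the one-year minimum for max-age and the sample responses are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: validate the Strict-Transport-Security header in an HTTP response.
# Against a live server: curl -sI https://your.host/ | check_hsts 31536000

# Print the HSTS header value from response headers on stdin.
# Header names are case-insensitive; CRs from CRLF line endings are stripped.
hsts_value() {
  tr -d '\r' | awk 'tolower($0) ~ /^strict-transport-security:/ {
    sub(/^[^:]*:[ \t]*/, ""); print; exit }'
}

# check_hsts MIN_AGE: succeed only if the header is present, max-age is at
# least MIN_AGE seconds and includeSubDomains is set. Prints the verdict.
check_hsts() {
  hsts_min=$1
  hsts_val=$(hsts_value)
  if [ -z "$hsts_val" ]; then echo "missing header"; return 1; fi
  # Directive names are case-insensitive (RFC 6797): normalise before matching.
  hsts_val=$(printf '%s' "$hsts_val" | tr 'A-Z' 'a-z' | tr -d ' "')
  hsts_age=$(printf '%s\n' "$hsts_val" | tr ';' '\n' |
    sed -n 's/^max-age=\([0-9][0-9]*\)$/\1/p' | head -n 1)
  if [ -z "$hsts_age" ]; then echo "no valid max-age"; return 1; fi
  if [ "$hsts_age" -lt "$hsts_min" ]; then
    echo "max-age too short: $hsts_age"; return 1
  fi
  case ";$hsts_val;" in
    *";includesubdomains;"*) ;;
    *) echo "includeSubDomains not set"; return 1 ;;
  esac
  echo "ok: max-age=$hsts_age"
}

# Constructed sample responses (not captured from a real server).
sample_good() {
  printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n'
  printf 'Strict-Transport-Security: max-age=63072000; includeSubdomains\r\n\r\n'
}
sample_short() {
  printf 'HTTP/1.1 200 OK\r\nstrict-transport-security: max-age=300\r\n\r\n'
}
sample_none() { printf 'HTTP/1.1 200 OK\r\nServer: Apache\r\n\r\n'; }

# Demo: the header configured above passes a one-year minimum (assumed threshold).
sample_good | check_hsts 31536000
```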

Happy SSL.


