Hamsa K
Editor
4 min read | 2 months ago

How to Install SSL certificate on Apache for Centos 7

Install ssl certificate on Centos7 to secure Apache

SSL is a web protocol that is used to send trafic between server and client in a secured manner. It provides secure and encrypted transactions between the browser and websites

In the following tutorial, we will see how to secure Apache Web server in Centos-7 through SSL. We are going to create our own certificate and learn how to configure it. If you want to host a public site with SSL support, then you need to purchase an SSL certificate from a trusted certificate authority.

First we need to install httpd package.

[root@lampblogs ~]# yum install httpd

once apache package is isntalled install mod_ssl which is an Apache module that provides support for SSL encryption.

[root@lampblogs ~]# yum install mod_ssl openssl

sample output

Installed:
  mod_ssl.x86_64 1:2.4.6-89.el7.centos.1
Updated:
  openssl.x86_64 1:1.0.2k-16.el7_6.1                                                                                                                                                           
Dependency Updated:
  openssl-libs.x86_64 1:1.0.2k-16.el7_6.1

Now generate private key

[root@lampblogs ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
..............................+++
.......................................................+++
e is 65537 (0x10001)

Generate certificate signing request (csr)

[root@lampblogs ~]# openssl req -new -key ca.key -out ca.csr

sample output

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Lampblogs
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:lampblogs.com
Email Address []:admin@lampblogs.com

Finally, generate a self-signed certificate ca.crt

[root@lampblogs ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=IN/ST=TN/L=Hyderabad/O=Lampblogs/CN=lampbll\x08
Getting Private key

Now edit apache ssl config file 

[root@lampblogs ~]# vi /etc/httpd/conf.d/ssl.conf

add below lines (sample output)

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
servername lamp.com
Documentroot /var/www/html
</VirtualHost>

Add the service and the port number to the firewall

firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload

 

verify config file and start httpd service

[root@lampblogs ~]# httpd -t
Syntax OK
[root@lampblogs ~]# systemctl restart httpd

Now open browser and check your website.

 

 

 

 

 



Warning! This site uses cookies
By continuing to browse the site, you are agreeing to our use of cookies. Read our terms and privacy policy