Hamsa K
4 min read | 1 month ago

How to Install SSL certificate on Apache for Centos 7

Install ssl certificate on Centos7 to secure Apache

SSL is a web protocol that is used to send trafic between server and client in a secured manner. It provides secure and encrypted transactions between the browser and websites

In the following tutorial, we will see how to secure Apache Web server in Centos-7 through SSL. We are going to create our own certificate and learn how to configure it. If you want to host a public site with SSL support, then you need to purchase an SSL certificate from a trusted certificate authority.

Also Read -> How to Install and Configure Redmine on Centos 7

First we need to install httpd package.

[root@lampblogs ~]# yum install httpd

once apache package is isntalled install mod_ssl which is an Apache module that provides support for SSL encryption.

[root@lampblogs ~]# yum install mod_ssl openssl

sample output

  mod_ssl.x86_64 1:2.4.6-89.el7.centos.1
  openssl.x86_64 1:1.0.2k-16.el7_6.1                                                                                                                                                           
Dependency Updated:
  openssl-libs.x86_64 1:1.0.2k-16.el7_6.1

Now generate private key

[root@lampblogs ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
e is 65537 (0x10001)

Generate certificate signing request (csr)

[root@lampblogs ~]# openssl req -new -key ca.key -out ca.csr

sample output

Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:TN
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Lampblogs
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:lampblogs.com
Email Address []:admin@lampblogs.com

Finally, generate a self-signed certificate ca.crt

[root@lampblogs ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
Getting Private key

Now edit apache ssl config file 

[root@lampblogs ~]# vi /etc/httpd/conf.d/ssl.conf

add below lines (sample output)

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
servername lamp.com
Documentroot /var/www/html

Add the service and the port number to the firewall

firewall-cmd --permanent --add-service=https
firewall-cmd --permanent --add-port=443/tcp
firewall-cmd --reload

verify config file and start httpd service

[root@lampblogs ~]# httpd -t
Syntax OK
[root@lampblogs ~]# systemctl restart httpd

Now open browser and check your website as https://ip_address or https://domain_name.

Also Read -> How to Install Nodejs on Centos 7

Warning! This site uses cookies
By continuing to browse the site, you are agreeing to our use of cookies. Read our terms and privacy policy