How To Install SSL Certificate on Apache for CentOS 7

Introduction

SSL (Secure Sockets Layer) is a protocol that provides secure communication between a web server and a web browser. It is used to encrypt data sent between the two, ensuring that it is not intercepted by malicious third parties. Installing an SSL certificate on Apache for CentOS 7 is a relatively straightforward process. This guide will walk you through the steps necessary to install an SSL certificate on Apache for CentOS 7.

1. Generate a Certificate Signing Request (CSR):

First, you need to generate a Certificate Signing Request (CSR) and private key. To do this, open a terminal window and run the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout your_domain_name.key -out your_domain_name.csr

2. Purchase an SSL Certificate:

Once you have generated the CSR, you can purchase an SSL certificate from a Certificate Authority (CA).

3. Install the SSL Certificate:

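Once you have purchased the SSL certificate, you can install it on your Apache server. To do this, open a terminal window and run the following command (the configuration in step 4 also expects the private key generated in step 1 at /etc/ssl/private/your_domain_name.key):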

sudo cp your_domain_name.crt /etc/ssl/certs

4. Configure Apache to Use the SSL Certificate:

Once you have installed the SSL certificate, you need to configure Apache to use it. To do this, open the Apache configuration file in a text editor:

sudo nano /etc/httpd/conf/httpd.conf

Add the following lines to the configuration file:

SSLCertificateFile /etc/ssl/certs/your_domain_name.crt

SSLCertificateKeyFile /etc/ssl/private/your_domain_name.key

Save and close the file.

5. Restart Apache:

Finally, you need to restart Apache for the changes to take effect. To do this, run the following command:

sudo systemctl restart httpd

Introduction

SSL Certificates are small data files that certify ownership of a public cryptographic key. Certificate Authorities (CA) guarantee that the key belongs to an organization, server, or other entity listed in the certificate.

When a user, via their browser, accesses a certified website, the information is encrypted with a unique public key. The data can only be decrypted by using a unique private key located on the host server. This high level of encryption prevents unauthorized attempts to access the information.

In this tutorial, learn how to install an SSL Certificate on CentOS 7.


Prerequisites

  • A user with sudo privileges
  • Access to a command line (Ctrl-Alt-T)
  • A CentOS 7 machine
  • A valid domain name with DNS pointed at the server

How to Get an SSL Certificate

There are several ways to obtain Certificates:

  1. Using an automated and free certificate authority such as the Let’s Encrypt project.
  2. Commercial certificate authorities provide certificates for a fee (Comodo, DigiCert, GoDaddy)
  3. Alternatively, it is possible to create a self-signed certificate. This type of certificate is useful for testing purposes or for use in a development environment.

If you are still considering what type of certificate you need, or which CA to choose, we’ve prepared a comprehensive guide to SSL certificates, private keys, and CSRs to assist you in the process.

Note: Trusted CAs do not verify self-signed certificates. Users cannot use them to validate the identity of the server automatically.

Install SSL Certificate with Let’s Encrypt

Let’s Encrypt is a free, open, and automated certificate authority. It uses the certbot software tool to administer certificates automatically.

Certbot is a highly automated tool. Make sure that your Apache installation is valid and that you have a virtual host configured for your domain(s). You should first read our tutorial on how to install Apache on CentOS 7 if you need assistance with configuring your firewall and virtual hosts.

Certbot Installation

1. Use the command terminal to install the EPEL repository and yum-utils:

sudo yum -y install epel-release yum-utils

2. Next, install a module that supports SSL for Apache:

sudo yum -y install mod_ssl

In this example, the latest version of the module is already available.


3. We can now install certbot for Apache:

sudo yum -y install python-certbot-apache

4. Once the installation runs its course, you can start the process to obtain a certificate by entering:

sudo certbot --apache -d yourdomain.com

Alternatively, start certbot by typing:

sudo certbot

5. The client asks you to provide an email address and to read and accept the Terms of Services. Certbot then lists the domains available on your server. Activate HTTPS for specific domains or all of them by leaving the field blank.


The next prompt allows you to force all requests to secure HTTPS access.

Once you have made your choices, the message on the terminal confirms that you have enabled encryption for your domain.

Automatic Certificate Renewal

The certificates issued by Let’s Encrypt are valid for 90 days. The certbot renew command checks the installed certificates and tries to renew them if they are less than 30 days away from expiration. To automate this process, create a cron job to execute the command periodically.

Use your preferred text editor to define how often to execute the renew command:

sudo crontab -e

Enter this line and save the crontab:

0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1

How to Install SSL Certificate with Comodo

1. The first step is to submit a Certificate Signing Request to a Certification Authority. Our detailed guide on how to generate a certificate signing request (CSR) with OpenSSL is an excellent resource if you need assistance with this process.

2. Once a CA certifies your request, you receive a copy of your SSL certificate. You can now install the certificate on your CentOS 7 server.

This example shows how to install a certificate from a paid SSL provider, Comodo.

3. Once Comodo verifies your CSR, download the SSL files. Copy the intermediate certificate (ComodoRSACA.crt) and the Primary Certificate (yourdomain.crt) to your Apache server directory. The private key generated during the CSR (Certificate Signing Request) process needs to be on the same server.

Configure Virtual Hosts for SSL

After you have successfully certified the domain and placed the key files on the server, the next step is to configure the virtual hosts to display the certificate.

1. Access the SSL configuration file:

sudo nano /etc/httpd/conf.d/ssl.conf

2. Edit the configuration file to point to the correct files on your server.

Uncomment the following lines under section <VirtualHost _default_:443> and enter the correct file paths:

  • DocumentRoot "/var/www/yourdomain.com"
  • ServerName yourdomain.com:443
  • SSLEngine on
  • SSLCertificateFile – The path of your certificate file.
  • SSLCertificateKeyFile – The path of your key file.
  • SSLCertificateChainFile – The intermediate COMODO certificate file.

3. After making the necessary changes, exit the file (Ctrl+X), and press y to save the changes.

4. Test your Apache configuration before restarting. Make sure that the syntax is correct by typing:

sudo apachectl configtest

5. Once the system confirms that the syntax is correct, restart Apache:

sudo systemctl restart httpd

You have now set up your Apache server to use the SSL certificate.

How to Create a Self-signed SSL Certificate

A self-signed certificate is useful for testing, in development environments, and on an intranet.

1. As with Let’s Encrypt, the mod_ssl Apache module provides support for the SSL encryption:

sudo yum -y install mod_ssl

2. Create a new directory to store the private key:

sudo mkdir /etc/ssl/privatekey

3. Restrict access to that directory only to the root user:

sudo chmod 700 /etc/ssl/privatekey

4. Generate a self-signed certificate using this OpenSSL command:

sudo openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 -keyout /etc/ssl/privatekey/yourdomain.key -out /etc/ssl/certs/yourdomain.crt

This is a detailed overview of the elements:

  • openssl – activates the OpenSSL software
  • req – the OpenSSL command for creating certificate signing requests (CSRs) and certificates
  • -x509 – output a self-signed X.509 certificate instead of a CSR
  • -new -newkey – generate a new request and a new key
  • rsa:2048 – generate a 2048-bit RSA key
  • -nodes – no DES, meaning do not encrypt the private key with a passphrase
  • -days 365 – number of days that the certificate is valid for
  • -keyout – specifies the file to write the private key to
  • -out – specifies the file to write the certificate to (with -x509, this is the certificate itself, not a CSR)

Note: Make sure to replace yourdomain with your actual domain.

5. The system launches a questionnaire for you to fill out.

Enter your information in the available fields:

  • Country Name – use a 2-letter country code
  • State – the state in which the domain owner is incorporated
  • Locality – the city in which the domain owner is incorporated
  • Organization name – the entity that owns the domain
  • Organizational unit name – the department or group in your organization that works with certificates
  • Common name – most often, the fully qualified domain name (FQDN)
  • Email address – contact email address
  • Challenge password – define an optional password for your key pair


6. Proceed to configure the virtual host to display the new certificate. The process is identical to the steps outlined in Chapter 2, Configure Virtual Hosts for SSL.

7. Test your Apache configuration before restarting. To make sure that the syntax is correct, type:

sudo apachectl configtest

8. Once the system confirms that the syntax is correct, restart Apache:

sudo systemctl restart httpd

You have now set up your Apache server to use your self-signed SSL certificate and should be able to visit your site with SSL enabled.

How to Check if an SSL Certificate is Valid?

To check whether an SSL certificate is valid, you can use publicly available services, such as the SSL Server Test. Confirm the status of your certificate and check that all the details are correct.

Alternatively, access your website using https:// to see if the SSL certificate is visible. The green padlock indicates that the additional layer of encryption is present.
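Before restarting Apache, the certificate and key can also be checked locally. The script below is an added example, not part of the original tutorial: it confirms that the private key belongs to the certificate, that the certificate is still valid 30 days from now (the Let's Encrypt renewal window mentioned earlier), and that the key file is not accessible to group or others. The function names and the example.test pair generated at the end are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: local checks on a certificate/key pair before restarting Apache.
# Function names and example.test are illustrative, not from the tutorial.

# True when the certificate carries the public key of this private key.
key_matches_cert() {
    local k c
    k=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    c=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# True when the certificate is still valid $2 days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null
}

# True when group and others have no permission bits on the key file.
key_is_private() { [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]; }

# Run all checks on key $1 and certificate $2; non-zero if any fails.
check_tls_pair() {
    local rc=0
    key_matches_cert "$1" "$2"  || { echo "FAIL: key does not match certificate"; rc=1; }
    cert_valid_for_days "$2" 30 || { echo "WARN: certificate expires within 30 days"; rc=1; }
    key_is_private "$1"         || { echo "FAIL: key is accessible to group/others"; rc=1; }
    return "$rc"
}

# Constructed test material: throwaway self-signed pair.
# $1 = directory, $2 = base name, $3 = validity in days
make_demo_pair() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days "$3" -subj "/CN=example.test" \
          -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null )
}

demo_dir=$(mktemp -d)
make_demo_pair "$demo_dir" demo 365
if check_tls_pair "$demo_dir/demo.key" "$demo_dir/demo.crt"; then
    echo "demo pair: all checks passed"
fi
rm -rf "$demo_dir"
```

On a server, call check_tls_pair with the paths set in SSLCertificateKeyFile and SSLCertificateFile.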


Conclusion

By following these instructions, you have secured traffic on your CentOS Linux distribution website by implementing an SSL Certificate.

Your new SSL certificate ensures that all data passing between the web server and browsers remains private and secure.

How To Install SSL Certificate on Apache for CentOS 7

Installing an SSL certificate on Apache for CentOS 7 is a relatively simple process. This guide will walk you through the steps necessary to get your SSL certificate up and running on your Apache server.

Step 1: Generate a Certificate Signing Request (CSR)

The first step in the process is to generate a Certificate Signing Request (CSR). This is a file that contains information about your website and your organization. It is used to generate the SSL certificate.

To generate a CSR, you will need to use the OpenSSL command line tool. To do this, open a terminal window and type the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout your_domain_name.key -out your_domain_name.csr

This command will generate two files: a private key file (your_domain_name.key) and a CSR file (your_domain_name.csr). You will need to submit the CSR file to the Certificate Authority (CA) when you purchase your SSL certificate.
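The same CSR step can be run without the interactive questionnaire and checked before the request is sent to the CA. This is an added example, not part of the original guide; the function names, the subject fields and the example.test domain are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: non-interactive CSR generation with checks before submission.
# The subject fields and example.test are constructed placeholders.

# Generate key + CSR in directory $1 for domain $2. umask 077 keeps the
# unencrypted (-nodes) private key readable by its owner only.
generate_csr() {
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -subj "/C=US/ST=State/L=City/O=Example Org/CN=$2" \
          -keyout "$1/$2.key" -out "$1/$2.csr" 2>/dev/null )
}

# True when the CSR's self-signature verifies, i.e. the request was signed
# by the private key whose public half it carries.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q "verify OK"
}

# Print the subject the CA will see.
csr_subject() { openssl req -in "$1" -noout -subject; }

# True when the public key in the CSR has at least $2 bits.
csr_key_bits_at_least() {
    local bits
    bits=$(openssl req -in "$1" -noout -text |
           sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p')
    [ -n "$bits" ] && [ "$bits" -ge "$2" ]
}

# Demo run in a temporary directory.
work=$(mktemp -d)
generate_csr "$work" example.test
if csr_signature_ok "$work/example.test.csr" &&
   csr_key_bits_at_least "$work/example.test.csr" 2048; then
    csr_subject "$work/example.test.csr"
fi
rm -rf "$work"
```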

Step 2: Install the SSL Certificate

Once you have purchased your SSL certificate, you will need to install it on your Apache server. To do this, you will need to copy the certificate files to the appropriate directory on your server. The exact location of the directory will depend on your Apache configuration.

Once the certificate files are in place, you will need to edit the Apache configuration file (httpd.conf) to enable the SSL module and configure the SSL certificate. To do this, open the configuration file in a text editor and add the following lines:

LoadModule ssl_module modules/mod_ssl.so

Listen 443

<VirtualHost _default_:443>
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_domain_name.key
</VirtualHost>

Once you have saved the configuration file, you will need to restart Apache for the changes to take effect. To do this, type the following command:

sudo systemctl restart httpd

Your SSL certificate should now be installed and enabled on your Apache server.

Conclusion

Installing an SSL certificate on Apache for CentOS 7 is a relatively simple process. By following the steps outlined in this guide, you should be able to get your SSL certificate up and running in no time.

Jaspreet Singh Ghuman
