
How To Install SSL Certificate in RHEL/CentOS


Installing an SSL Certificate on RHEL/CentOS 7/6 to Secure Apache

SSL is a web protocol used to send traffic between server and client in a secured manner. It provides secure and encrypted transactions between the browser and websites. The server presents a certificate, which the end user's browser has to authenticate. This tutorial explains how to install an SSL certificate so that Apache can initiate secure sessions.

Install httpd package

To install the httpd package, run the following command.

[root@linuxhelp ~]# yum install httpd
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.webwerks.com
 * extras: centos.webwerks.com
 * updates: centos.webwerks.com
Resolving Dependencies
-->  Running transaction check
--->  Package httpd.x86_64 0:2.4.6-40.el7.centos will be installed
.
.
.
Installed:
  httpd.x86_64 0:2.4.6-40.el7.centos                                                    
Dependency Installed:
  apr.x86_64 0:1.4.8-3.el7                         apr-util.x86_64 0:1.5.2-6.el7        
  httpd-tools.x86_64 0:2.4.6-40.el7.centos         mailcap.noarch 0:2.1.41-2.el7        
Complete!


Then install mod_ssl, the package for the secure web server.

[root@linuxhelp ~]# yum install mod_ssl
Loaded plugins: fastestmirror, langpacks
Loading mirror speeds from cached hostfile
 * base: centos.webwerks.com
 * extras: centos.webwerks.com
 * updates: centos.webwerks.com
Resolving Dependencies
-->  Running transaction check
--->  Package mod_ssl.x86_64 1:2.4.6-40.el7.centos will be installed
.
.
.
Installed:
  mod_ssl.x86_64 1:2.4.6-40.el7.centos                                                  
Dependency Updated:
  openssl.x86_64 1:1.0.1e-51.el7_2.4       openssl-libs.x86_64 1:1.0.1e-51.el7_2.4      
Complete!


To install the openssl package, which is needed to create the self-signed certificate, use the following command.

[root@linuxhelp ~]# yum install openssl
Loaded plugins: aliases, changelog, fastestmirror, kabi, presto, refresh-packagekit, security, tmprepo, verify, versionlock
Loading support for CentOS kernel ABI
Setting up Install Process
Loading mirror speeds from cached hostfile
 * base: ftp.iitm.ac.in
 * elrepo: mirrors.thzhost.com
 * epel: ftp.cuhk.edu.hk
 * extras: ftp.iitm.ac.in
 * nux-dextop: li.nux.ro
.
.
.
  Verifying  : openssl-devel-1.0.1e-42.el6_7.4.x86_64         1/4                                                                                                                                                                    
  Verifying  : openssl-1.0.1e-42.el6_7.4.x86_64               2/4                                                                                                                                                                                          
  Verifying  : openssl-1.0.1e-42.el6_7.2.x86_64               3/4                                                                                                                                                                                          
  Verifying  : openssl-devel-1.0.1e-42.el6_7.2.x86_64         4/4                                                                                                                                                                                 
Updated:
  openssl.x86_64 0:1.0.1e-42.el6_7.4                                                                                                                                                                                                         
Dependency Updated:
  openssl-devel.x86_64 0:1.0.1e-42.el6_7.4                                                                                                                                                                                                   
Complete!

Generate a 2048-bit RSA private key as follows.

[root@linuxhelp ~]# openssl genrsa -out ca.key 2048
Generating RSA private key, 2048 bit long modulus
.....................................................+++
...................................................................................+++
e is 65537 (0x10001)

Then generate the certificate signing request (CSR) by using the following command.

[root@linuxhelp ~]# openssl req -new -key ca.key -out ca.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
.
.
.
Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:

Generate a self-signed X.509 certificate that remains valid for 365 days.

[root@linuxhelp ~]# openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Signature ok
subject=/C=IN/L=Default City/O=Default Company Ltd
Getting Private key

After generating the certificate, copy the files to the necessary directories.

[root@linuxhelp ~]# cp ca.crt /etc/pki/tls/certs
[root@linuxhelp ~]# cp ca.key /etc/pki/tls/private/
[root@linuxhelp ~]# cp ca.csr /etc/pki/tls/private
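
The key, CSR and certificate steps above as a non-interactive script, followed by two checks worth running before Apache is pointed at the files: that ca.crt carries the public key of ca.key, and that the certificate is not about to expire. This is an added example, not part of the original tutorial; the function names, the scratch directory and the use of -subj with this page's ServerName are assumptions.

```bash
#!/bin/sh
# Added example (not from the tutorial): generate ca.key, ca.csr and ca.crt
# without prompts, then check the pair before installing it for Apache.

# make_self_signed DIR HOSTNAME
# Same three openssl steps as above; -subj replaces the interactive DN prompts.
make_self_signed() {
    (
        cd "$1" || exit 1
        # umask 077 so the private key is never group/world readable.
        ( umask 077; openssl genrsa -out ca.key 2048 2>/dev/null ) || exit 1
        openssl req -new -key ca.key -subj "/CN=$2" -out ca.csr || exit 1
        openssl x509 -req -days 365 -in ca.csr -signkey ca.key \
            -out ca.crt 2>/dev/null
    )
}

# cert_matches_key CERT KEY
# Succeeds only if the certificate carries the public key derived from KEY.
# A mismatch is one cause of the "no corresponding key file" failure.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null)
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null)
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for_days CERT DAYS
# Succeeds if CERT is still valid DAYS days from now.
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null 2>&1
}

# Demo in a scratch directory (assumption: run as any user, nothing is
# written under /etc). www.linuxhelp1.com is the ServerName used on this page.
work=$(mktemp -d)
make_self_signed "$work" www.linuxhelp1.com

if cert_matches_key "$work/ca.crt" "$work/ca.key" &&
   cert_valid_for_days "$work/ca.crt" 30; then
    echo "OK: ca.crt matches ca.key and is valid for at least 30 days"
else
    echo "FAIL: do not install these files" >&2
fi
```

The same two functions can be pointed at /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key after the copy step to confirm that the installed pair is consistent.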

Now edit the secure web server configuration file and add the below lines into it.

[root@linuxhelp ~]# vim /etc/httpd/conf.d/ssl.conf
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Verify the Apache configuration file.

[root@linuxhelp ~]# httpd -t
Syntax OK

Now open the Apache web server configuration file using your favourite editor.

[root@linuxhelp ~]# vim /etc/httpd/conf/httpd.conf

Append the following lines into it.

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
ServerName www.linuxhelp1.com
DocumentRoot /var/www/html
</VirtualHost>

Then verify the Apache configuration file again.

[root@linuxhelp ~]# httpd -t
Syntax OK

Add the service and the port number to the firewall.

[root@linuxhelp ~]# firewall-cmd --permanent --add-service=https
success

[root@linuxhelp ~]# firewall-cmd --permanent --add-port=443/tcp
success

[root@linuxhelp ~]# firewall-cmd --reload
Success

Restart and enable the service for the web server.

[root@linuxhelp ~]# systemctl restart httpd.service
[root@linuxhelp ~]# systemctl enable httpd.service
ln -s '/usr/lib/systemd/system/httpd.service' '/etc/systemd/system/multi-user.target.wants/httpd.service'

Now open the browser and type the website you have configured.

An untrusted connection page appears because the certificate is self-signed. Click 'I Understand the risk'.

Then click Add Exception.

Click Confirm Security Exception.

The website that we have configured with the SSL certificate is now displayed.

Tags:
benjamin
Author: 


Frequently asked questions ( 5 )

Q

Do you have any utilities that can help me install a certificate?

A

Yes. If you are using Apache or IIS web servers, we offer a free utility which will help you generate a CSR, submit it to Comodo and then automatically install your certificate.

Q

When trying to go to the site over HTTPS it displays the message 'The page cannot be displayed'?

A

This is usually caused by port 443 not being allowed through the firewall or by the SSL Certificate not having a corresponding key file.

Q

I have changed my server or moved to a different provider. How do I move the certificate?

A

The easiest way is to create a new CSR on the new machine and have the certificate re-issued.

Q

Why does the website say the SSL certificate is 'Untrusted'?

A

The usual cause of this is that the Comodo intermediate certificate has not been loaded.

Q

What is a public/private key pair in SSL?

A

Each SSL Certificate contains a public/private key pair: a private key with the code and a public key used to decode it.
