How to create an SSL Certificate on Apache for CentOS

Last update at 6/8/2020 by

SSL Certificate for Apache on CentOS

SSL Certificate on Apache for CentOS

About Self-Signed Certificates

An SSL certificate is a way to encrypt a site’s information in order to create a more secure connection to your VPS.
Additionally, the certificate is able to show the web hosting’s identification information to any site visitor.
Certificate Authorities can issue SSL certificates which confirm the virtual server’s details as a self-signed certificate that holds no 3rd party corroboration.

Step 1 - Install Mod SSL

In order to set up a self-assigned SSL certificate, we will need to ensure that first the Apache and Mod SSL are installed on our VPS. You can install both using one command.

yum install mod_ssl

Step 2 - Create a New Directory

Now, you will have to create a new directory in which you will store the vps server key and certificate.

mkdir /etc/httpd/ssl

Step 3 - Create a Self-Signed Certificate

While you ask for a new certificate, you will specify how long the certificate will remain valid for by changing the ‘365’ to the number of days you wish. This is because the default the certificate will expire after one year.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

With the command, you are going to be creating both the self-assigned SSL certificate and the vps server key which protects it before putting both of them inside the new directory.
The command should prompt a terminal to present a list of fields that have to be filled in.

This is the most important line, “Common Name”.
Type your official vps server domain name here or, if you don’t have one yet, then use your site’s IP address. 
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
You'll have a couple fields but you may leave some blank.
For a few fields there will be a default value,
If you enter '.', the field will be left blank.
-----Country Name (2 letter code)
[AU]:USState or Province Name (full name)
[Some-State]:New York
Locality Name (eg, city)
[]:NYCOrganization Name (eg, company)[Internet Widgits Pty Ltd]:
Awesome IncOrganizational Unit Name (eg, section) []:Dept of MerrimentCommon
Name (e.g. server FQDN or YOUR name)
 []                  Email Address []:[email protected]

Step 4 - Set Up the Certificate

After you have all of the needed components for the finished certificate, what you need to do next is set up the virtual host to present the new certificate.
Open up the SSL config file.

vi /etc/httpd/conf.d/ssl.conf

Search for the section that starts with ‘<VirtualHost_default_:443>' and then make some quick changes.
Now uncomment the ‘DocumentRoot’ and ‘ServerName’ line. Then, replace ‘' with your own DNS approved vps server domain name or server IP address, it should be the same as the common name on the certificate.

ServerName domaincom:443

Look for the following three lines and then ensure they match the extensions shown below.

SSLEngine onSSLCertificateFile /etc/httpd/ssl/apache.crtSSLCertificateKeyFile /etc/httpd/ssl/apache.key

You are now done. After restarting the Apache server, it will be reloaded along with every change in place.

Step 5 - Restart Apache

You are now done. After restarting the Apache server it will be reloaded along with every change in place.

 /etc/init.d/httpd restart

Go over to your web browser and type ‘' to see the new certificate.

No comments right now... Feel free to be the first one

Was this tutorial helpful?