How to create an SSL Certificate on Apache for CentOS
Last update at 6/8/2020 by
SSL Certificate on Apache for CentOS
About Self-Signed Certificates
An SSL certificate is a way to encrypt a site’s information in order to create a more secure connection to your VPS.
Additionally, the certificate is able to show the web hosting’s identification information to any site visitor.
Certificate Authorities can issue SSL certificates which confirm the virtual server’s details as a self-signed certificate that holds no 3rd party corroboration.
Step 1 - Install Mod SSL
In order to set up a self-assigned SSL certificate, we will need to ensure that first the Apache and Mod SSL are installed on our VPS. You can install both using one command.
yum install mod_ssl
Step 2 - Create a New Directory
Now, you will have to create a new directory in which you will store the vps server key and certificate.
Step 3 - Create a Self-Signed Certificate
While you ask for a new certificate, you will specify how long the certificate will remain valid for by changing the ‘365’ to the number of days you wish. This is because the default the certificate will expire after one year.
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
With the command, you are going to be creating both the self-assigned SSL certificate and the vps server key which protects it before putting both of them inside the new directory.
The command should prompt a terminal to present a list of fields that have to be filled in.
This is the most important line, “Common Name”. Type your official vps server domain name here or, if you don’t have one yet, then use your site’s IP address. into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. You'll have a couple fields but you may leave some blank. For a few fields there will be a default value, If you enter '.', the field will be left blank. -----Country Name (2 letter code) [AU]:USState or Province Name (full name) [Some-State]:New York Locality Name (eg, city) :NYCOrganization Name (eg, company)[Internet Widgits Pty Ltd]: Awesome IncOrganizational Unit Name (eg, section) :Dept of MerrimentCommon Name (e.g. server FQDN or YOUR name) :domain.com Email Address :[email protected]
Step 4 - Set Up the Certificate
After you have all of the needed components for the finished certificate, what you need to do next is set up the virtual host to present the new certificate.
Open up the SSL config file.
Search for the section that starts with ‘<VirtualHost_default_:443>' and then make some quick changes.
Now uncomment the ‘DocumentRoot’ and ‘ServerName’ line. Then, replace ‘domain.com' with your own DNS approved vps server domain name or server IP address, it should be the same as the common name on the certificate.
Look for the following three lines and then ensure they match the extensions shown below.
SSLEngine onSSLCertificateFile /etc/httpd/ssl/apache.crtSSLCertificateKeyFile /etc/httpd/ssl/apache.key
You are now done. After restarting the Apache server, it will be reloaded along with every change in place.
Step 5 - Restart Apache
You are now done. After restarting the Apache server it will be reloaded along with every change in place.
Go over to your web browser and type ‘https://yourdomain.ltd' to see the new certificate.