how to setup ssl certificate on centos 7
Details
To set up an SSL certificate on CentOS 7, you can use the popular open-source web server, Apache HTTP Server (httpd). Here are the general steps to follow:
- Install Apache (httpd):
- Install OpenSSL:
- Generate a Certificate Signing Request (CSR):
- Submit CSR to a Certificate Authority (CA):
- Install the SSL Certificate:
- Configure Apache for SSL:
- Adjust Firewall Rules:
- Restart Apache:
If you haven't already installed Apache, you can do so by running the following command as the root or with sudo privileges:
sudo yum install httpd
Ensure that OpenSSL is installed on your system. It's required for generating and managing SSL certificates.
sudo yum install openssl
You can generate a CSR and a private key using OpenSSL. Replace your_domain.com with your actual domain or subdomain:
openssl req -newkey rsa:2048 -nodes -keyout /etc/httpd/conf/ssl.key/your_domain.key -out /etc/httpd/conf/ssl.csr/your_domain.csr
Follow the prompts to enter the requested information, including the Common Name (CN), which should be your domain name (e.g., your_domain.com).
Take the generated CSR file (usually located at /etc/httpd/conf/ssl.csr/your_domain.csr) and submit it to a trusted Certificate Authority, such as Let's Encrypt, Comodo, or another CA, to obtain your SSL certificate. They will provide you with the SSL certificate files.
Once you have received the SSL certificate files (usually in .crt format), you need to install them on your server. You typically receive two files: your_domain.crt and sometimes a bundle or intermediate certificate.
Copy the certificate and private key to the appropriate directory:
sudo cp /path/to/your_domain.crt /etc/httpd/conf/ssl.crt/ sudo cp /path/to/your_domain_bundle.crt /etc/httpd/conf/ssl.crt/ # If you have a bundle
Create or edit an Apache configuration file for your website to enable SSL. Typically, this is located in /etc/httpd/conf.d/ssl.conf. If it doesn't exist, you can create it.
sudo nano /etc/httpd/conf.d/ssl.conf
Add or modify the following lines to point to your SSL certificate and private key files:
SSLCertificateFile /etc/httpd/conf/ssl.crt/your_domain.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your_domain.key
If you have a firewall enabled, open port 443 for HTTPS traffic:
sudo firewall-cmd --permanent --add-service=https sudo firewall-cmd --reload
Finally, restart the Apache service to apply the changes:
sudo systemctl restart httpd
Your SSL certificate should now be installed and configured on CentOS 7, allowing your web server to securely serve HTTPS traffic. Remember to keep your SSL certificate and private key files secure and regularly renew your certificate when it expires.