how to setup ssl certificate on centos 7

CentOS Server 07-10-2023

how to setup ssl certificate on centos 7


To set up an SSL certificate on CentOS 7, you can use the popular open-source web server, Apache HTTP Server (httpd). Here are the general steps to follow:

  1. Install Apache (httpd):
  2. If you haven't already installed Apache, you can do so by running the following command as the root or with sudo privileges:

    sudo yum install httpd
  3. Install OpenSSL:
  4. Ensure that OpenSSL is installed on your system. It's required for generating and managing SSL certificates.

    sudo yum install openssl
  5. Generate a Certificate Signing Request (CSR):
  6. You can generate a CSR and a private key using OpenSSL. Replace your_domain.com with your actual domain or subdomain:

    openssl req -newkey rsa:2048 -nodes -keyout /etc/httpd/conf/ssl.key/your_domain.key -out /etc/httpd/conf/ssl.csr/your_domain.csr

    Follow the prompts to enter the requested information, including the Common Name (CN), which should be your domain name (e.g., your_domain.com).

  7. Submit CSR to a Certificate Authority (CA):
  8. Take the generated CSR file (usually located at /etc/httpd/conf/ssl.csr/your_domain.csr) and submit it to a trusted Certificate Authority, such as Let's Encrypt, Comodo, or another CA, to obtain your SSL certificate. They will provide you with the SSL certificate files.

  9. Install the SSL Certificate:
  10. Once you have received the SSL certificate files (usually in .crt format), you need to install them on your server. You typically receive two files: your_domain.crt and sometimes a bundle or intermediate certificate.

    Copy the certificate and private key to the appropriate directory:

    sudo cp /path/to/your_domain.crt /etc/httpd/conf/ssl.crt/
    sudo cp /path/to/your_domain_bundle.crt /etc/httpd/conf/ssl.crt/  # If you have a bundle
  11. Configure Apache for SSL:
  12. Create or edit an Apache configuration file for your website to enable SSL. Typically, this is located in /etc/httpd/conf.d/ssl.conf. If it doesn't exist, you can create it.

    sudo nano /etc/httpd/conf.d/ssl.conf

    Add or modify the following lines to point to your SSL certificate and private key files:

    SSLCertificateFile /etc/httpd/conf/ssl.crt/your_domain.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your_domain.key
  13. Adjust Firewall Rules:
  14. If you have a firewall enabled, open port 443 for HTTPS traffic:

    sudo firewall-cmd --permanent --add-service=https
    sudo firewall-cmd --reload
  15. Restart Apache:
  16. Finally, restart the Apache service to apply the changes:

    sudo systemctl restart httpd

Your SSL certificate should now be installed and configured on CentOS 7, allowing your web server to securely serve HTTPS traffic. Remember to keep your SSL certificate and private key files secure and regularly renew your certificate when it expires.


Close Ads