Linux Tutorials Others

Install and configure SSL on Apache in CentOS 7 / RHEL 7

main_image_apache_ssl

Generating SSL certificate

Create own-created SSL Certificates. However, If you use your server as a business, it had better buy and use a Formal Certificate from Verisigh/GoDaddy etc. and so on.

go to following directory

cd /etc/pki/tls/certs

guess_linux_apache_ssl1

make ssl_key.key

guess_linux_apache_ssl2guess_linux_apache_ssl3

remove passphrase from private key

openssl rsa -in ssl_key.key -out ssl_key.key

guess_linux_apache_ssl4

and then for csr

make ssl_key.csr CSR (Certificate Signing Request)

guess_linux_apache_ssl5guess_linux_apache_ssl6

finally generate certificate

openssl x509 -in ssl_key.csr -out ssl_key.crt -req -signkey ssl_key.key -days 365

guess_linux_apache_ssl7guess_linux_apache_ssl8

 

Configure SSL for Apache

install mod ssl

yum install mod_ssl

guess_linux_apache_ssl9guess_linux_apache_ssl10

 

add ssl key pair to ssl.conf

vi /etc/httpd/conf.d/ssl.conf

guess_linux_apache_ssl11

uncomment line no 59

DocumentRoot "/var/www/html"

line no 60 uncomment and specify the server name here i added my ip address you can add your server name/hostname

ServerName 139.59.23.34:443

guess_linux_apache_ssl14

line 75: change
SSLProtocol -All +TLSv1 +TLSv1.1 +TLSv1.2

line 100: change to the one created

SSLCertificateFile /etc/pki/tls/certs/ssl_key.crt

line 107: change to the one created

SSLCertificateKeyFile /etc/pki/tls/certs/ssl_key.key

guess_linux_apache_ssl15

restart apache

systemctl restart httpd

guess_linux_apache_ssl16

Testing

go to https://your-ip in my case its https://139.59.23.34

guess_linux_apache_ssl18 guess_linux_apache_ssl19

Thank You.

Leave a Comment