How To Install SSL Certificate On CentOS

1 Star2 Stars3 Stars4 Stars5 Stars (2 votes, average: 5.00 out of 5)
Loading...
Install SSL On CentOS

Step-By-Step Process: SSL Certificate Installation on CentOS

Read this installation guide till the end to learn every step and command needed to install an SSL certificate on CentOS. From the prerequisites for the installation procedure to testing the installation, learn everything here.

Prerequisites For Installing an SSL Certificate on CentOS

Firstly, get access to a CentOS server. Not just that, get access with a non-root user that comes with sudo privileges. Not done with this configuration yet. No problem, as you can do it within an hour. Another thing you need to have is your Apache installed. To install your Apache web server with CentOS, check this guide that we prepared separately for you.

Steps for Generating a CSR

Generating a CSR (Certificate Signing Request) is much like a necessity as you need to send it to the Certificate Authority (CA) when applying for an SSL certificate. Not only does a CSR comprises all updated details about your organization or website, but it also consists of the private key. Use our free CSR Generator tool to create the CSR and Private Key.

Read our CentOS CSR Generation guide if you wish to generate it using OpenSSL Command.

Steps to SSL Certificate Installation on CentOS 8

Step 1: Install mod_ssl On Your System

Run this command to check if it’s installed or not.

rpm -qa | grep mod_ssl

Not installed? Use this command to install mod_ssl.

dnf install mod_ssl

Step 2: Create SSL Certificate Chain

The chain must comprise the private key along with the server, intermediate, and root certificates. To do so, run this command:

cat pub-key.pem ca-chain.pem > full-chain.pem

Go to your Apache server and keep the PEM file along with the SSL chain here:

/etc/pki/tls/certs

Go to this folder to keep the private key:

/etc/pki/tls/private/ 

If you want your private key to be inaccessible to others, secure it using this command:

chmod -R 600 /etc/pki/tls/private/

Step 3: Virtual Host Block Configuration

Use the following block of code in your domain’s configuration file that comes with a .conf extension.

DocumentRoot /var/www/abc.com
ServerName abc.com
ServerAlias abc.com

You’ll have to use your actual domain name and replace it with ‘abc.com’ here. However, you may lack a configuration file. If so, create it using this command:

nano /etc/httpd/conf.d/domainname.conf

Once done, place the file in the following:

/etc/httpd/conf.d/ directory

In your .conf file, add HTTPs redirects using this command:

ServerName abc.com
ServerAlias www.abc.com
Redirect "/" "https://abc.com/"

Finally, close the file but make sure you save all the changes before that.

Step 4: Restart & Done!

To restart the Apache server, run this command:

systemctl restart httpd

If it restarts successfully, the installation is complete.

SSL Installation for CentOS 7 & 6

Step 1: Downloading Certificates

Received the intermediate and primary certificates from your SSL provider? Now download them all.

Step 2: Copying the SSL Files

When copying the SSL files to your Apache server, ensure including the .key file that you acquired while generating the CSR code.

Step 3: Go to The Apache Configuration & Find and Edit The ssl.conf or httpd.conf File

To do so, run the following nano and cp commands:

# cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.BAK
# nano /etc/httpd/conf.d/ssl.conf

You may find that single or many files are commented out. If that happens – depending on your Apache version – delete the # character from the starting line. Then, enter the absolute path.

This block of code below illustrates the absolute file path of your certificates. However, before you copy-paste the thing, ensure to replace the files with the correct actual names.

SSLCertificateFile /etc/httpd/conf/ssl.crt/leaf_certificate.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ABC.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/intermediate_chain.crt

Keep in mind that you need to change the certificate key file’s permission. To do so, use this command:

# chmod 400 /etc/httpd/conf/ssl.key/abc.com.key

Step 4: Restart the Server!

Now that you’re done, restart the Apache server. Make sure you save all the configurations before restarting the server. Once done, the installation is complete.

Cheap SSL Certificates