(2 votes, average: 5.00 out of 5)
Loading...
Read this installation guide till the end to learn every step and command needed to install an SSL certificate on CentOS. From the prerequisites for the installation procedure to testing the installation, learn everything here.
Prerequisites For Installing an SSL Certificate on CentOS
Firstly, get access to a CentOS server. Not just that, get access with a non-root user that comes with sudo privileges. Not done with this configuration yet. No problem, as you can do it within an hour. Another thing you need to have is your Apache installed. To install your Apache web server with CentOS, check this guide that we prepared separately for you.
Steps for Generating a CSR
Generating a CSR (Certificate Signing Request) is much like a necessity as you need to send it to the Certificate Authority (CA) when applying for an SSL certificate. Not only does a CSR comprises all updated details about your organization or website, but it also consists of the private key. Use our free CSR Generator tool to create the CSR and Private Key.
Read our CentOS CSR Generation guide if you wish to generate it using OpenSSL Command.
Run this command to check if it’s installed or not.
rpm -qa | grep mod_ssl
Not installed? Use this command to install mod_ssl.
dnf install mod_ssl
The chain must comprise the private key along with the server, intermediate, and root certificates. To do so, run this command:
cat pub-key.pem ca-chain.pem > full-chain.pem
Go to your Apache server and keep the PEM file along with the SSL chain here:
/etc/pki/tls/certs
Go to this folder to keep the private key:
/etc/pki/tls/private/
If you want your private key to be inaccessible to others, secure it using this command:
chmod -R 600 /etc/pki/tls/private/
Use the following block of code in your domain’s configuration file that comes with a .conf extension.
DocumentRoot /var/www/abc.com
ServerName abc.com
ServerAlias abc.com
You’ll have to use your actual domain name and replace it with ‘abc.com’ here. However, you may lack a configuration file. If so, create it using this command:
nano /etc/httpd/conf.d/domainname.conf
Once done, place the file in the following:
/etc/httpd/conf.d/ directory
In your .conf file, add HTTPs redirects using this command:
ServerName abc.com
ServerAlias www.abc.com
Redirect "/" "https://abc.com/"
Finally, close the file but make sure you save all the changes before that.
To restart the Apache server, run this command:
systemctl restart httpd
If it restarts successfully, the installation is complete.
Received the intermediate and primary certificates from your SSL provider? Now download them all.
When copying the SSL files to your Apache server, ensure including the .key file that you acquired while generating the CSR code.
To do so, run the following nano and cp commands:
# cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.BAK
# nano /etc/httpd/conf.d/ssl.conf
You may find that single or many files are commented out. If that happens – depending on your Apache version – delete the # character from the starting line. Then, enter the absolute path.
This block of code below illustrates the absolute file path of your certificates. However, before you copy-paste the thing, ensure to replace the files with the correct actual names.
SSLCertificateFile /etc/httpd/conf/ssl.crt/leaf_certificate.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ABC.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/intermediate_chain.crt
Keep in mind that you need to change the certificate key file’s permission. To do so, use this command:
# chmod 400 /etc/httpd/conf/ssl.key/abc.com.key
Now that you’re done, restart the Apache server. Make sure you save all the configurations before restarting the server. Once done, the installation is complete.