(3 votes, average: 5.00 out of 5)
Loading...
Read this installation guide till the end to learn every step and command needed to install an SSL certificate on CentOS. From the prerequisites for the installation procedure to testing the installation, learn everything here.
Firstly, you need to get access to a CentOS server. Not just that, get access with a non-root user that comes with sudo privileges. Not done with this configuration yet. No problem, as you can do it within an hour. Another thing you need to have is your Apache installed. To install your Apache web server with CentOS, check this guide we prepared separately.
Generating a CSR (Certificate Signing Request) is much like a necessity as you need to send it to the Certificate Authority (CA) when applying for an SSL certificate. Not only does a CSR comprise all updated details about your organization or website, but it also consists of the private key. Use our free CSR Generator tool to create the CSR and Private Key.
Read our CentOS CSR Generation guide to generate it using OpenSSL Command.
Run this command to check if it’s installed or not.
rpm -qa | grep mod_ssl
Not installed? Use this command to install mod_ssl.
dnf install mod_ssl
The chain must comprise the private key and the server, intermediate, and root certificates. To do so, run this command:
cat pub-key.pem ca-chain.pem > full-chain.pem
Go to your Apache server and keep the PEM file along with the SSL chain here:
/etc/pki/tls/certs
Go to this folder to keep the private key:
/etc/pki/tls/private/
If you want your private key to be inaccessible to others, secure it using this command:
chmod -R 600 /etc/pki/tls/private/
Use the following code block in your domain’s configuration file that comes with a .conf extension.
DocumentRoot /var/www/abc.com
ServerName abc.com
ServerAlias abc.com
You’ll have to use your domain name and replace it with ‘abc.com’ here. However, you may lack a configuration file. If so, create it using this command:
nano /etc/httpd/conf.d/domainname.conf
Once done, place the file in the following:
/etc/httpd/conf.d/ directory
In your .conf file, add HTTPs redirects using this command:
ServerName abc.com
ServerAlias www.abc.com
Redirect "/" "https://abc.com/"
Finally, close the file and save all the changes before that.
To restart the Apache server, run this command:
systemctl restart httpd
If it restarts successfully, the installation is complete.
Received the intermediate and primary certificates from your SSL provider? Now, download them all.
When copying the SSL files to your Apache server, include the .key file you acquired while generating the CSR code.
To do so, run the following nano and cp commands:
# cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.BAK
# nano /etc/httpd/conf.d/ssl.conf
You may find that single or many files are commented out. If that happens – depending on your Apache version – delete the # character from the starting line. Then, enter the absolute path.
This block of code below illustrates the absolute file path of your certificates. However, before you copy-paste the thing, replace the files with the correct names.
SSLCertificateFile /etc/httpd/conf/ssl.crt/leaf_certificate.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/ABC.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/intermediate_chain.crt
Remember that you need to change the certificate key file’s permission. To do so, use this command:
# chmod 400 /etc/httpd/conf/ssl.key/abc.com.key
Now that you’re done restarting the Apache server Make sure you save all the configurations before restarting the server. Once done, the installation is complete.