Install self-signed certificate
1. Install mod_ssl
; which is an Apache
module that provides support for SSL Encryption
yum install mod_ssl
2. Create a directory to store the certificates and the keys
(I will be creating /etc
since config-files are usually stored it this directory.
mkdir /etc/ssl/private
3. Make sure that only root
user has access to the directory.
chmod 700 /etc/ssl/private
4. Generate the SSL
keys and certificates using the following command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt
req -x509
: specifies we want to use X.509 certificate signing request.-nodes
: tellsopenssl
to skip the option to secure the certificate with a passphrase since we need Apache to be able to read the file without user intervention.-days 365
: Sets the length of time the certificate will be considered valid.-newkey rsa:2048
: specifies generate a new certificate and new key at the same time and the key is RSA Key and 2048 bits long.-keyout
: tellsopenssl
where to place the generated private key file we are creating.-out
: tellsopenssl
where to place the certificate we are creating.
5. Edit the SSL
configuration file (mine will be):
vim /etc/httpd/conf.d/ssl.conf
6. Run the following command for syntax errors:
apachectl configtest
7. Allow SSL
through Firewall:
firewall-cmd –permanent –add-service=https
8.Add Listen 443
to the default httpd.conf
file.
9. Restatrt apache.
systemctl restart httpd
9. Test your website in browser using https
.