This guide will teach you how to set up and configure your own SSL certificate on your CentOS web server.
1. Install required software
Use yum to install the following software if it's not yet installed on your web server.
yum install mod_ssl openssl
2. Generate a self-signed certificate
The following steps guide you through generating your own self-signed certificate.
Generate private key
openssl genrsa -out ca.key 2048
Generate CSR
openssl req -new -key ca.key -out ca.csr
Generate self-signed certificate
openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt
Copy the files to the respective locations
cp ca.crt /etc/pki/tls/certs
cp ca.key /etc/pki/tls/private/ca.key
cp ca.csr /etc/pki/tls/private/ca.csr
In case you moved the files instead of copying them, use the following command to restore the correct SELinux contexts
restorecon -RvF /etc/pki
Update Apache SSL configuration file
sudo nano +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf
Modify the certificate path to match where the new certificate is stored
SSLCertificateFile /etc/pki/tls/certs/ca.crt
Then set the correct path for the certificate key file
SSLCertificateKeyFile /etc/pki/tls/private/ca.key
Finally, save the file and quit, then restart Apache
sudo service httpd restart
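The script below is an added example, not part of the original guide: it checks that ca.crt really carries the public key of ca.key, that the certificate is not about to expire, and that the key file is readable by its owner only. Apache will not start with a mismatched SSLCertificateFile and SSLCertificateKeyFile pair. The function names and the CN "example.test" are assumptions; the file names follow the guide.

```bash
#!/bin/bash
# Added example: checks on the key/certificate pair before Apache is restarted.
# Function names and the CN "example.test" are assumptions; file names follow the guide.

# Succeeds when the certificate carries the public key derived from the private key.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend "$(( ${2:-30} * 86400 ))" >/dev/null 2>&1
}

# Succeeds when only the owner can read the private key file (GNU stat).
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 2
    [ "$mode" = "600" ] || [ "$mode" = "400" ]
}

# Runs all three checks and reports each failure; returns non-zero if any failed.
check_pair() {
    local rc=0
    cert_matches_key "$1" "$2"  || { echo "FAIL: $1 does not belong to $2"; rc=1; }
    cert_valid_for_days "$1" 30 || { echo "FAIL: $1 expires within 30 days"; rc=1; }
    key_is_private "$2"         || { echo "FAIL: $2 is readable by group or others"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 are consistent"
    return "$rc"
}

# Builds a throwaway pair in directory $1 with the guide's three commands (constructed sample).
make_pair() {
    ( cd "$1" && umask 077 &&
      openssl genrsa -out ca.key 2048 &&
      openssl req -new -key ca.key -subj "/CN=example.test" -out ca.csr &&
      openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt ) >/dev/null 2>&1
}

# With two arguments check those files; with none, demonstrate on a throwaway pair.
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
elif [ "$#" -eq 0 ]; then
    demo=$(mktemp -d) && make_pair "$demo" && check_pair "$demo/ca.crt" "$demo/ca.key"
    rm -rf "$demo"
fi
```

Run it as root with /etc/pki/tls/certs/ca.crt and /etc/pki/tls/private/ca.key as the two arguments to check the installed files.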
3. Configure firewall
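The last step in setting up your own SSL certificate is to configure the firewall to accept requests on port 443, which is used for SSL connections.
Command to accept port 443 requests (-A appends to the end of the INPUT chain, so the rule only takes effect if no earlier rule already rejects the traffic)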
iptables -A INPUT -p tcp --dport 443 -j ACCEPT
Save the iptables rules and list them to verify
/sbin/service iptables save
iptables -L -v
That’s it! Your web server is now configured and ready for SSL connections.