Setting up an SSL secured Webserver with CentOS

This guide will teach you how to configure and setup your own SSL certification on your CentOS web server.

1. Install required software

Use yum to get the following software if its not yet installed on your web server.

yum install mod_ssl openssl

2. Generate a self-signed certificate

The following steps guides you on how to generate your own self-signed certificate.

Generate private key

openssl genrsa -out ca.key 2048

Generate CSR

openssl req -new -key ca.key -out ca.csr

Generate self-signed key

openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Copy the files to the respective locations

cp ca.crt /etc/pki/tls/certs

cp ca.key /etc/pki/tls/private/ca.key

cp ca.csr /etc/pki/tls/private/ca.csr

In cased you have moved the files and not copied them, use the following command to correct SELinux

restorecon -RvF /etc/pki

Update Apache SSL configuration file

sudo nano +/SSLCertificateFile /etc/httpd/conf.d/ssl.conf

Modified the paths to match where the new Key is stored

SSLCertificateFile /etc/pki/tls/certs/ca.crt

Then set the correct path for Certification Key file

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Finally quit and save the file then restart Apache

sudo service httpd restart

3. Configure firewall

The last step to setting up your own SSL certificate is to configure the firewall to accept requests from port 443, which is used for SSL connections.

Command to accept port 443 requests

iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Save ip table

/sbin/service iptables save

iptables -L -v


That’s it! Your web server is now configured and ready for SSL connections.

Feel free to drop me any questions you have at [email protected]