Loading...This guide outlines the process of installing an SSL certificate on the Apache Web Server hosted on CentOS 6 and CentOS 7.
Before starting the installation process, kindly log in to your CentOS server using a non-root user account that has sudo privileges. It’s also essential to confirm that the Apache web server is already set up and running on your system.
CSR and Private Key Generation
In order to get the certificate issued, it is required to complete the certificate generation by submitting the CSR to the vendor and passing the verification.
The following steps will walk you through the CSR (Certificate Signing Request), which needs to be submitted to the vendor, and Private Key generation, which you will need for the certificate installation.
You may use the online tools as CheapSSLSecurity CSR Generator ( https://cheapsslsecurity.com/ssltools/csr-generator.php) or generate the key pair directly on the server.
Let’s have a look at how to generate the CSR and Private Key on an Apache server.
Step 1: Connect to Your Server
Start by accessing your server’s terminal using Secure Shell (SSH). This will allow you to run commands directly on the server.
Step 2: Create Private Key and CSR
Please use the OpenSSL tool to generate your Private Key and CSR files. Type the following command:
IMPORTANT! Make sure to replace example with your actual domain name.
Step 3: Enter Certificate Information
After running the command, you will be prompted to input details for your certificate.
- Country Name: Enter the two-letter country code (for example, IT for Italy).
- State or Province Name: Full name of your state or region.
- Locality Name: Your city or town’s name.
- Organization Name: The company’s legal name.
- Organizational Unit Name: Typically “IT” or “Web Administration”.
- Common Name: Your Fully Qualified Domain Name (FQDN).
- Email Address: Enter a valid email address.
IMPORTANT! The optional fields, such as Challenge Password, may be left blank.
Step 4: Generate Files
After completing the prompts, OpenSSL will create two files:
Private Key File (.key file): Please save the Private Key as you will need it later for the certificate installation.
CSR (.csr file): You will need to submit it to the vendor to proceed with the certificate generation.
To check if the CSR was created correctly, you can view its contents with the following command:
This will display the CSR details and confirm its validity.
You have successfully generated a CSR on your Apache server. Please submit it to the vendor via the order page in the CheapSSLSecurity Client Area and proceed with the order verification.
Here you may check more detailed information regarding the order validation process
https://knowledge.cheapsslsecurity.com/support/solutions/folders/22000164534
SSL Installation on CentOS 6 or 7
Step 1: Verify and Install mod_ssl on Your System
Begin by executing the following command to determine if mod_ssl is already installed on your system.
If it appears that mod_ssl is not present, proceed with the installation using this command:
Step 2: Upload SSL Files to Apache Server
It is required to upload the SSL Certificate, Intermediate, and Root files provided by the vendor, as well as include the Private Key file that was generated during the CSR creation process described above.
Step 3: Accessing Apache Configuration Modifying ssl.conf or httpd.conf
To proceed, execute the following commands to create a backup and edit the configuration file:
# nano /etc/httpd/conf.d/ssl.conf
The configuration file may have the following content:
ServerName
example.tld
DocumentRoot
/var/www/html
SSLEngine on
SSLCertificateFile /etc/httpd/conf/ssl.crt/example.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/example.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/ca_bundle.crt
IMPORTANT! Please enter the absolute path according to your Apache version. Be sure to replace the placeholders with the actual names of your files.
For the Apache versions older than the 2.4.8, the CA-bundle should be specified as SSLCertificateChainFile and for Apache 2.4.8 and higher please use SSLCertificatePath to specify the Intermediate + Root bundle path.
Additionally, remember to adjust the permissions for the certificate key file using this command:
IMPORTANT! Please do not forget to replace the “example.tld” or “example” with your actual domain name.
Step 4: Restarting the Apache Server
Here is a server command
Once you’ve completed the configuration, don’t forget to save your changes before restarting the Apache server. After restarting, your SSL installation will be finalized and ready for use!
