Monthly Archives: November 2014

Creating an SSL Certificate – Apache & CentOS 6

By | Tutorials | No Comments

About SSL Certificates

SSL certificates are used to encrypt data between a computer and the specified server – in turn creating a secure connection.  SSL certificates can either be self-signed or issued by a trusted CA.  The reason why all major sites do not use self-signed certificates is because all browsers will recognise the site to be using a self-signed (and untrusted) certificate and display a warning page whereas when using a certificate signed by a trusted CA, the browser will, in most cases, recognise it and allow you to proceed to the site.  In this tutorial, we will be using self-signed certificates as they are free to make/issue.

Prerequisites

Before starting to follow this guide, there are a few requirements creating and installing an SSL certificate.

  • A Dedicated Server or VPS running CentOS 6 or later with Apache installed
  • At least 512MB RAM
  • Root Privileges

Once you acquire everything that is required, you may start following this guide. (This guide has only been tested on CentOS 6)

Step One – Installing Mod SSL

To install Mod SSL, please use the command:

yum install mod_ssl

Step Two – Creating a Storage Area

We now need to create a directory to store our server key and certificate:

mkdir /etc/httpd/ssl

Step Three – Creating our Self Signed Certificate

Using the command below, we can generate our own self-signed certificate.  A you can see below, you are able to change the value “365” to something longer if you would like your certificate to remain valid for much longer (in days).

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

The command will ask for user input, such as your organizations country.  The most important line is the Common Name – this is essentially the domain name that you would like to secure or the site’s IP.

Step Four – Set up the SSL Certificate

Now we have all of the required components of the finished certificate. The next thing to do is to set up the virtual hosts file to display our newly made certificate.

Open up the SSL Config file:

nano /etc/httpd/conf.d/ssl.conf

Find the section that begins with <VirtualHost _default_:443>.  Uncomment the DocumentRoot and ServerName line and replace example.com with your domain name or server IP address (it should be the same as the common name on the certificate if you do not want to get any errors):

ServerName example.com:443

You should also find the following three lines, and make sure that they match the extensions below:

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Your Virtual Hosts file has now been correctly configured and set up – time for the last step!

Step Five – Restarting Apache

Time to restart Apache:

/etc/init.d/httpd restart

That’s all that there was to it – your SSL has been installed and there’s nothing else left for you to do other than to check your site out at https://yourdomain.tld/