About SSL Certificates
SSL certificates are used to encrypt data between a computer and the specified server – in turn creating a secure connection. SSL certificates can either be self-signed or issued by a trusted CA. The reason why all major sites do not use self-signed certificates is because all browsers will recognise the site to be using a self-signed (and untrusted) certificate and display a warning page whereas when using a certificate signed by a trusted CA, the browser will, in most cases, recognise it and allow you to proceed to the site. In this tutorial, we will be using self-signed certificates as they are free to make/issue.
Before starting to follow this guide, there are a few requirements creating and installing an SSL certificate.
- A Dedicated Server or VPS running CentOS 6 or later with Apache installed
- At least 512MB RAM
- Root Privileges
Once you acquire everything that is required, you may start following this guide. (This guide has only been tested on CentOS 6)
Step One – Installing Mod SSL
To install Mod SSL, please use the command:
yum install mod_ssl
Step Two – Creating a Storage Area
We now need to create a directory to store our server key and certificate:
Step Three – Creating our Self Signed Certificate
Using the command below, we can generate our own self-signed certificate. A you can see below, you are able to change the value “365” to something longer if you would like your certificate to remain valid for much longer (in days).
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
The command will ask for user input, such as your organizations country. The most important line is the Common Name – this is essentially the domain name that you would like to secure or the site’s IP.
Step Four – Set up the SSL Certificate
Now we have all of the required components of the finished certificate. The next thing to do is to set up the virtual hosts file to display our newly made certificate.
Open up the SSL Config file:
Find the section that begins with <VirtualHost _default_:443>. Uncomment the DocumentRoot and ServerName line and replace example.com with your domain name or server IP address (it should be the same as the common name on the certificate if you do not want to get any errors):
You should also find the following three lines, and make sure that they match the extensions below:
SSLEngine on SSLCertificateFile /etc/httpd/ssl/apache.crt SSLCertificateKeyFile /etc/httpd/ssl/apache.key
Your Virtual Hosts file has now been correctly configured and set up – time for the last step!
Step Five – Restarting Apache
Time to restart Apache:
That’s all that there was to it – your SSL has been installed and there’s nothing else left for you to do other than to check your site out at https://yourdomain.tld/