How to install ssl certificate on centos

13. January 2016 SSL 0

SSL Certificate

A SSL certificate is a way to encrypt a site’s information and create a more secure connection. In order to install an SSL certificate you have to follow main four steps:
1) Create CSR and Private Key
2) Purchase an SSL certificate from a provider ( you can purchase from here )
3) Submit the CSR to the provider and they will email you the certificate
4) Add the certificate to the server

Step One: Install Mod SSL
Install apache SSL module and restart the apache service
yum install mod_ssl

service httpd restart

If you use any firewall, please make sure the port 443 is opened.

Step Two :  Generate the CSR and Private Key

Let’s create these files on a directory called /etc/httpd/ssl ( you can store this anywhere on the server )

mkdir /etc/httpd/ssl
cd /etc/httpd/ssl
openssl req -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
This will ask you to enter few information and please provide accurate information. If there are any error , you can delete the two files example.com.key and example.com.csr and run the command again.

Step Three:  Purchase an SSL certificate

Purchase an SSL certificate from your desired provider and submit the generated CSR and the provider will email you an SSL certificate and intermediate certificate.

Step Four:  Install the certificate

Let’s keep the certificate and intermediate certificate in /etc/httpd/ssl

I assume that we have following files in /etc/httpd/ssl

example.com.key
example.com.csr
example.com.crt
inter-mediate-certificate.crt ( optional , but browsers may show warning if this is not installed on server )

Now edit  /etc/httpd/conf/ssl.conf and add below lines

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/example.com.key
SSLCertificateChainFile /etc/httpd/ssl/inter-mediate-certificate.crt

If you use many websites on your server, you can add this inside the virtual host

<VirtualHost *:443>
ServerName example.com
DocumentRoot /home/user/public_html
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/example.com.crt
SSLCertificateKeyFile /etc/httpd/ssl/example.com.key
SSLCertificateChainFile /etc/httpd/ssl/inter-mediate-certificate.crt
</VirtualHost>