How to Create and Install Self Signed Certificate in Apache in CentOS:
SSL is useful for secure communication between user and web server. Certificate encrypt the data while traveling on public lines, So it will be secure from hackers. Self singed certificates are free to use, but do not use on production environment where confidential data like credit card, PayPal information are used. Click here to read more details about Self-singed certificates.
This how to guide will help you to step by step create and install Self Signed Certificate in Apache in CentOS/RHEL and Fedora Systems.
Step 1: Install mod_ssl Package
In order to setup SSL certificate, make sure mod_ssl is installed on your system. If its not already install, use following command to install it. Also install openssl to create certificate.
# yum install mod_ssl openssl
Step 2: Create Self Signed Certificate
After installing mod_ssl and openssl, Create a self singed certificate for your domain using following command.
# mkdir /etc/httpd/certs # cd /etc/httpd/certs # openssl req -x509 -nodes -newkey rsa:2048 -keyout example.com.key -out example.com.crt
Generating a 2048 bit RSA private key ....................................+++ ...................................+++ writing new private key to 'example.com.key' ----- You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----- Country Name (2 letter code) [XX]:IN State or Province Name (full name) :Delhi Locality Name (eg, city) [Default City]:Delhi Organization Name (eg, company) [Default Company Ltd]:LinuxMasters Organizational Unit Name (eg, section) :blog Common Name (eg, your name or your server's hostname) :www.example.com Email Address :firstname.lastname@example.org
The above command will create one ssl key file example.com.key and one certificate file example.com.crt in current directory.
Step 3: Install Self Signed Certificate in Apache
Now you have SSL certificate and key file. Now edit apache SSL configuration file
# vim /etc/httpd/conf.d/ssl.conf
search _default_ vertualhost and make the following changes as per below configuration.
<VirtualHost _default_:443> ServerAdmin email@example.com DocumentRoot /var/www/html ServerName www.example.com ServerAlias example.com SSLEngine on SSLCertificateFile /etc/httpd/certs/example.com.crt SSLCertificateKeyFile /etc/httpd/certs/example.com.key </VirtualHost>
Step 4: Verify Settings and Restart Apache
Before restarting Apache server we recommend to verify Apache configuration
# httpd -t Syntax OK
If above command doesn’t show any error restart Apache service.
# service httpd restart
Step 5: Test Website with HTTPS
Finally open your site in your favorite web browser using https. It required to open port 443 to access site using https.
As we are using self singed certificate, you will get an warning message on browser. You can simply ignore this message using below steps
Firefox User: Expand I Understand the Risks >> Click Add Exception >> Click Confirm Security Exception.
Chrome User: Click Proceed anyway button.
IE Users: Click Continue to this website (not recommended) link.