How to Create and Install Self Signed Certificate in Apache in CentOS

How to Create and Install Self Signed Certificate in Apache in CentOS

How to Create and Install Self Signed Certificate in Apache in CentOS:

SSL is useful for secure communication between user and web server. Certificate encrypt the data while traveling on public lines, So it will be secure from hackers. Self singed certificates are free to use, but do not use on production environment where confidential data like credit card, PayPal information are used. Click here to read more details about Self-singed certificates.

This how to guide will help you to step by step create and install Self Signed Certificate in Apache in CentOS/RHEL and Fedora Systems.

Step 1: Install mod_ssl Package

In order to setup SSL certificate, make sure mod_ssl is installed on your system. If its not already install, use following command to install it. Also install openssl to create certificate.

# yum install mod_ssl openssl

Step 2: Create Self Signed Certificate

After installing mod_ssl and openssl, Create a self singed certificate for your domain using following command.

# mkdir /etc/httpd/certs
# cd /etc/httpd/certs

# openssl req -x509 -nodes -newkey rsa:2048 -keyout example.com.key -out example.com.crt

Output:

Generating a 2048 bit RSA private key
....................................+++
...................................+++
writing new private key to 'example.com.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Delhi
Locality Name (eg, city) [Default City]:Delhi
Organization Name (eg, company) [Default Company Ltd]:LinuxMasters
Organizational Unit Name (eg, section) []:blog
Common Name (eg, your name or your server's hostname) []:www.example.com
Email Address []:admin@example.com

The above command will create one ssl key file example.com.key and one certificate file example.com.crt in current directory.

Step 3: Install Self Signed Certificate in Apache

Now you have SSL certificate and key file. Now edit apache SSL configuration file

# vim /etc/httpd/conf.d/ssl.conf

search _default_ vertualhost and make the following changes as per below configuration.

<VirtualHost _default_:443>
    ServerAdmin admin@example.com
    DocumentRoot /var/www/html
    ServerName www.example.com
    ServerAlias example.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/certs/example.com.crt
    SSLCertificateKeyFile /etc/httpd/certs/example.com.key
</VirtualHost>

Step 4: Verify Settings and Restart Apache

Before restarting Apache server we recommend to verify Apache configuration

# httpd -t

Syntax OK

If above command doesn’t show any error restart Apache service.

# service httpd restart

Step 5: Test Website with HTTPS

Finally open your site in your favorite web browser using https. It required to open port 443 to access site using https.

  https://www.example.com/

As we are using self singed certificate, you will get an warning message on browser. You can simply ignore this message using below steps

Firefox User: Expand I Understand the Risks >> Click Add Exception >> Click Confirm Security Exception.
Chrome User: Click Proceed anyway button.
IE Users: Click Continue to this website (not recommended) link.