How to install SSL Certificate on Linux (CentOS), Amazon EC2, Apache Server

SSL (Secure Sockets Layer) is a protocol that creates an encrypted connection between the browser and the server so that sensitive data cannot be intercepted in transit. Web servers normally serve data over HTTP (port 80); SSL-protected traffic is served over HTTPS (port 443) instead. In this tutorial you will learn how to install an SSL certificate on Linux (CentOS), Amazon EC2, Apache server.

Install required modules:

To install an SSL certificate, you first need the openssl package and the mod_ssl Apache module on the server. The following commands install both on an Apache/CentOS server.

yum install openssl
# For apache 2.2
yum install mod_ssl
# For apache 2.4
yum install mod24_ssl

Generate Private Key and CSR (Certificate Signing Request):

Installing these packages creates the SSL configuration file (ssl.conf) in the /etc/httpd/conf.d directory. We'll use this file later to install the certificates. The next task is to create a private key and a CSR (Certificate Signing Request) file. The CSR is the file the certificate provider uses to generate a certificate for a particular server. First we'll create a separate directory under /etc/pki/tls to hold all of our files. The following commands create that directory and generate the private key and the CSR file:

cd /etc/pki/tls
mkdir ssl
cd ssl
openssl genrsa -out private.key 2048
openssl req -new -sha256 -key private.key -out domain.csr

During creation of the CSR, you have to provide the following information:

| DN Field | Explanation | Example |
| --- | --- | --- |
| Common Name | The fully qualified domain name for your web server. This must be an exact match: if you intend to secure the URL https://www.domain.com, then your CSR's common name must be www.domain.com. If you plan on getting a wildcard certificate, make sure to prefix your domain with an asterisk, for example *.domain.com. | www.domain.com |
| Organization | The exact legal name of your organization. Do not abbreviate your organization name. | domain.com |
| Organization Unit | Section of the organization. | IT |
| City or Locality | The city where your organization is legally located. | New Delhi |
| State or Province | The state or province where your organization is legally located. Cannot be abbreviated. | Delhi |
| Country | The two-letter ISO abbreviation for your country. | IN |

Generate the SSL certificate on the SSL provider's website:

Now copy the content of the CSR file (the one with the .csr extension); you can either download the file or copy its content. Go to your SSL provider's website and create a request for a new certificate. While generating the certificate, it will ask you to provide the CSR; paste the content of the CSR file we generated earlier. It will take a while to verify your domain and CSR. After successful verification, download the certificates. You will get two files from the SSL provider: server.crt and ca-bundle.crt. The file names may differ, but there must be two files.

Install Certificate on the Server:

Our next task is to upload these files to the server and configure the ssl.conf file. Upload both certificate files to the /etc/pki/tls/ssl directory that we created earlier. Now open /etc/httpd/conf.d/ssl.conf in the vi or nano editor and make sure the following parameters are set to their appropriate values.

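SSLEngine on
# Private key generated earlier with openssl genrsa
SSLCertificateKeyFile /etc/pki/tls/ssl/private.key
# Server certificate and CA bundle downloaded from the SSL provider
SSLCertificateFile /etc/pki/tls/ssl/server.crt
SSLCACertificateFile /etc/pki/tls/ssl/ca-bundle.crt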

Save and close the ssl.conf file. For the changes to take effect, you need to restart the Apache server. Use the following command to restart it.

service httpd restart

All done. Now you can access your website over the HTTPS protocol, i.e. https://domain.com

Note: If you are not logged in as root on your server, you need to prefix all commands with sudo.
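One way to check the installed files before the restart, added here as an example and not part of the original tutorial: it confirms that server.crt was issued for private.key and that it chains to ca-bundle.crt. The function names are hypothetical, and the demo CA, keys and certificates are constructed in a temporary directory so the script runs offline.

```shell
#!/bin/sh
# Added example: checks to run on the files named in ssl.conf before restarting.

# Returns 0 only when CERT carries the public key that belongs to KEY.
key_matches_cert() {    # usage: key_matches_cert KEY CERT
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 2
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$key_pub" = "$crt_pub" ]
}

# Returns 0 only when CERT chains to a CA in BUNDLE (assumption: the bundle
# holds the provider's intermediate and root certificates).
chain_verifies() {      # usage: chain_verifies BUNDLE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Constructed sample data: a throwaway CA stands in for the SSL provider and
# signs a CSR made with the tutorial's commands; other.key is an unrelated key.
make_demo_files() {
    d=$(mktemp -d) || return 1
    {
        openssl genrsa -out "$d/ca.key" 2048 &&
        openssl req -x509 -new -sha256 -key "$d/ca.key" \
            -subj "/CN=Constructed Demo CA" -days 1 -out "$d/ca-bundle.crt" &&
        openssl genrsa -out "$d/private.key" 2048 &&
        openssl req -new -sha256 -key "$d/private.key" \
            -subj "/CN=www.domain.com" -out "$d/domain.csr" &&
        openssl x509 -req -sha256 -in "$d/domain.csr" -CA "$d/ca-bundle.crt" \
            -CAkey "$d/ca.key" -CAcreateserial -days 1 -out "$d/server.crt" &&
        openssl genrsa -out "$d/other.key" 2048
    } >/dev/null 2>&1 || return 1
    echo "$d"
}

demo=$(make_demo_files) || exit 1
key_matches_cert "$demo/private.key" "$demo/server.crt" && echo "private.key matches server.crt"
key_matches_cert "$demo/other.key" "$demo/server.crt" || echo "other.key does not match server.crt"
chain_verifies "$demo/ca-bundle.crt" "$demo/server.crt" && echo "server.crt chains to ca-bundle.crt"
rm -rf "$demo"
```

On the real server, call the two functions with /etc/pki/tls/ssl/private.key, server.crt and ca-bundle.crt, and run apachectl configtest before the restart.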

About the author

Sujeet Kr Singh