How to install SSL Certificate on Linux (CentOS), Amazon EC2, Apache Server

SSL(Secured Socket Layer) is a protocol that creates a secured and encrypted connection between browser and the server to prevent any crucial data hijacking. Generally web servers serves data using HTTP protocol (Port 80). But SSL works on HTTPS protocol (Port 443) instead. In this tutorial you will learn How to install SSL Certificate on Linux (CentOS), Amazon EC2, Apache server.

Install required modules:

To install SSL certificate first you need to install openssl apache service and mod_ssl php module on the server. Using following commands you can install both of these packages on apache/centos server.

yum install openssl
# For apache 2.2
yum install mod_ssl
# For apache 2.4
yum install mod24_ssl

Generate Private Key and CSR (Certificate Signing Request):

After installing these ssl configuration file (ssl.conf) is created in /etc/httpd/conf.d directory. Using this configuration we’ll install our certificates. We’ll do it later. Our next task is to create private key and CSR(Certificate Signing Request) file. The CSR file is used to generate certificate for a particular server. First of all we’ll create a separate directory in /etc/pki/tls directory where we’ll keep our all files. Following are the list of commands to create a custom directory and generate csr file:

cd /etc/pki/tls
mkdir ssl
cd ssl
openssl genrsa -out private.key 2048
openssl req -new -sha256 -key private.key -out domain.csr

During creation of CSR, you have to provide following information:

DN Field Explanation Example
Common Name The fully qualified domain name for your web server. This must be an exact match. If you intend to secure the URL, then your CSR’s common name must be If you plan on getting a wildcard certificate make sure to prefix your domain with an asterisk, example: *
Organization The exact legal name of your organization. Do not abbreviate your organization name.
Organization Unit Section of the organization IT
City or Locality The city where your organization is legally located. New Delhi
State or Province The state or province where your organization is legally located. Can not be abbreviated. Delhi
Country The two-letter ISO abbreviation for your country. IN

Generate SSL from the SSL provider website:

Now copy the content of CSR file(with .csr extension). You can download this file or copy the content of this file. Now goto your SSL provider website and create request for generate a new certificate. While generating certificate it will ask you to provide CSR. Now paste the content of CSR file we generated in earlier. It will take a while to verify your domain and CSR. After successful verification download the certificates. You will get two files from SSL provider server.crt and ca-bundle.crt. File name may differ but there must be two files.

You can purchase economical SSL certificate from

Install Certificate on the Server:

Our next task to upload these files to server and configure the ssl.conf file. Upload the both certificate files in /etc/pki/tls/ssl directory that we created earlier. Now open /etc/httpd/conf.d/ssl.conf file in vi or nano editor. Modify the file and make sure values of following parameters should be set to their appropriate values.

SSLEngine on
SSLCertificateKeyFile /etc/pki/tls/ssl/domain.key
SSLCertificateFile /etc/pki/tls/ssl/server.crt
SSLCACertificateFile /etc/pki/tls/ssl/ca-bundle.crt

Save and close the ssl.conf file. To make the changes affect you need to restart the apache server. Use the following command to restart the apache server.

service httpd restart

All done. Now you can access your website using HTTPS protocol i.e.

Note:- If you do not have root access of your server then you need to use sudo command as prefix for all commands.

About the author

Sujeet Kr Singh