How to Create an SSL Certificate on Apache for CentOS 6

SSL(Self Signed Certificates) are useful for securing the information between  server and the user. It will encrypt the connection made by user to that server. The SSL certificate can reveal the virtual private server’s identification information to the site visitors.

We are going to  create and install Self Signed Certificates on Apache for CentOS 6.


Installing Mod_SSL Package

Before setting up the self-signed certificate, make sure that Apache and mod_SSL are installed on your VPS.  To install the package:

yum install mod_ssl


Create a Directory

You can create a new directory to store the server key and certificate. Execute the command to create the directory:

mkdir /etc/httpd/ssl


Create a Self Signed Certificate

Finally its time to create the self-signed SSL certificate so simply execute the command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

One can specify the validity of the certificate by changing the 365 days to your preference. By default, it expires after one year. The above command will create the self-signed SSL certificate and server key and place them into the newly created directory.

Once you hit the above command  you will need to fill in the required information. Enter your domain name or site’s IP address for ‘Common Name’.

You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
Country Name (2 letter code) [AU]:NP
State or Province Name (full name) [Some-State]:StateName
Locality Name (eg, city) []:CityName
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CompanyName
Organizational Unit Name (eg, section) []:OrganizationName
Common Name (e.g. server FQDN or YOUR name) []                 
Email Address []:[email protected]


Setting Up of Certificate

Now, you need to set up the virtual hosts to display the new certificate. Open the SSL config for editing.

vi /etc/httpd/conf.d/ssl.conf

Search for the line ‘VirtualHost _default_:443’ and make the following changes.

  • The DocumentRoot and ServerName lines have to be uncommented.
  • Replace with your DNS approved domain name or IP address.
  • Search for the last three lines of the snippet and update them accordingly.

Is should look like this:

<VirtualHost _default_:443>

ServerAdmin [email protected]

DocumentRoot /var/www/html



SSLEngine on

SSLCertificateFile /etc/httpd/ssl/

SSLCertificateKeyFile /etc/httpd/ssl/


Now, save and exit out of the file.

Restart Apache

Once it is done you need to restart apache in order to bring in all the changes in place.

/etc/init.d/httpd restart

You are done.

You can verify by typing https://youraddress in your browser to view the created certificate.

KB Admin has written 46 articles