Self-signed SSL certificates are useful for securing the information exchanged between a server and its users. The certificate encrypts the connection a user makes to the server, and it presents the virtual private server's identification information to site visitors.
We are going to create and install Self Signed Certificates on Apache for CentOS 6.
Installing the mod_ssl Package
Before setting up the self-signed certificate, make sure that Apache and mod_ssl are installed on your VPS. To install the package:
yum install mod_ssl
Create a Directory
You can create a new directory to store the server key and certificate. Execute the command to create the directory:
mkdir /etc/httpd/ssl
Create a Self Signed Certificate
Now it's time to create the self-signed SSL certificate. Execute the command:
openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt
You can set the validity of the certificate by changing the 365 days to your preference. As written, it expires after one year. The above command creates the self-signed SSL certificate and the server key and places them in the newly created directory.
Once you run the command, you will be prompted for the required information. Enter your domain name or the site's IP address for 'Common Name'.
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [AU]:NP
State or Province Name (full name) [Some-State]:StateName
Locality Name (eg, city) []:CityName
Organization Name (eg, company) [Internet Widgits Pty Ltd]:CompanyName
Organizational Unit Name (eg, section) []:OrganizationName
Common Name (e.g. server FQDN or YOUR name) []:example.com
Email Address []:[email protected]
Setting Up of Certificate
Now, you need to set up the virtual hosts to display the new certificate. Open the SSL config for editing.
vi /etc/httpd/conf.d/ssl.conf
Search for the line ‘VirtualHost _default_:443’ and make the following changes.
- The DocumentRoot and ServerName lines have to be uncommented.
- Replace example.com with your DNS approved domain name or IP address.
- Search for the last three lines of the snippet and update them so that they point to the certificate and key created above.
It should look like this:
<VirtualHost _default_:443>
    ServerAdmin [email protected]
    DocumentRoot /var/www/html
    ServerName www.example.com
    ServerAlias example.com
    SSLEngine on
    SSLCertificateFile /etc/httpd/ssl/apache.crt
    SSLCertificateKeyFile /etc/httpd/ssl/apache.key
</VirtualHost>
Now, save and exit out of the file.
Restart Apache
Once that is done, restart Apache so that the changes take effect.
/etc/init.d/httpd restart
You are done.
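You can verify by opening https://youraddress in your browser and viewing the created certificate. Because the certificate is self-signed rather than issued by a certificate authority, the browser will show a trust warning before it loads the page.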
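The certificate step above can also be run without the interactive prompts and checked before Apache is restarted. The script below is an added example, not part of the original tutorial; it writes to a scratch directory, and the function names (make_selfsigned, check_pair, cert_valid_for) and the sample values are assumptions.

```shell
#!/bin/sh
# Added example: directory, Common Name and day counts are sample values.

# Generate the key and self-signed certificate non-interactively into $1.
# $2 = Common Name (the host name clients will use), $3 = validity in days.
make_selfsigned() (
    dir=$1 cn=$2 days=$3
    mkdir -p "$dir" && chmod 700 "$dir" || exit 1
    umask 077   # the unencrypted key (-nodes) is never world-readable
    openssl req -x509 -nodes -days "$days" -newkey rsa:2048 \
        -subj "/CN=$cn" \
        -keyout "$dir/apache.key" -out "$dir/apache.crt" 2>/dev/null || exit 1
    chmod 600 "$dir/apache.key" && chmod 644 "$dir/apache.crt"
)

# Succeeds only if the certificate's public key belongs to the private key.
# mod_ssl fails at startup when SSLCertificateFile and SSLCertificateKeyFile
# do not form a pair, so check this before restarting Apache.
check_pair() (
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || exit 1
    crt_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || exit 1
    [ -n "$key_pub" ] && [ "$key_pub" = "$crt_pub" ]
)

# Succeeds if the certificate is still valid $2 days from now.
cert_valid_for() (
    openssl x509 -in "$1" -noout -checkend $(( $2 * 86400 )) >/dev/null
)

# Demo in a scratch directory; on the server, target /etc/httpd/ssl as root.
demo=$(mktemp -d)
make_selfsigned "$demo" example.com 365 &&
    check_pair "$demo/apache.key" "$demo/apache.crt" &&
    openssl x509 -in "$demo/apache.crt" -noout -subject -enddate
```

The -subj option supplies the Distinguished Name that the prompts would otherwise ask for, which makes the step repeatable from a script.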