How To Install SSL Certificate on Apache for CentOS 7

By Posted on

How To Install SSL Certificate on Apache for CentOS 7

Securing your website with an SSL (Secure Sockets Layer) certificate is crucial for protecting sensitive data transmitted between your server and users’ browsers. This encryption ensures privacy and builds trust with your visitors. This article provides a step-by-step guide on How To Install SSL Certificate on Apache for CentOS 7. We will cover the process from obtaining your certificate files to configuring Apache to use them, ultimately enabling HTTPS on your website.

Install SSL Certificate on Apache

1. Copy/Paste the Certificate Files into Your Server

The initial step involves transferring your SSL certificate files, obtained from your Certificate Authority (CA), to your CentOS 7 server. These files typically include the certificate itself (.crt or .pem), the private key (.key), and potentially intermediate certificates (CA bundle).

It’s recommended to store these files in a dedicated directory for security and organization. A common practice is to use /etc/ssl/private for the private key and /etc/ssl/certs for the certificate and intermediate certificates. Ensure that the private key is only readable by the root user.

2. Install Mod SSL

Apache requires the mod_ssl module to handle SSL/TLS encryption. If it’s not already installed, you’ll need to install it using the yum package manager.

Refer to a dedicated installation guide to install the mod_ssl.

3. Set Up the Certificate

Now, you need to configure Apache to use your SSL certificate. This involves creating or modifying a virtual host configuration file for HTTPS (port 443).

Start by creating the directory where you will copy the certificate.

$ mkdir -p /etc/ssl/private
$ chmod 700 /etc/ssl/private

Next is setting up the virtual hosts to showcase the new certificate.

$ sudo vi /etc/httpd/conf.d/ssl.conf

The following configuration is added to the ssl.conf file. Ensure to replace www.example.com with your actual domain name and adjust the file paths to match the location of your certificate and key files.

<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName www.example.com
SSLEngine on
SSLCertificateFile /etc/ssl/private/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
</VirtualHost>
  • DocumentRoot: Specifies the root directory for your website files.
  • ServerName: The domain name for which this virtual host applies.
  • SSLEngine on: Enables SSL/TLS encryption for this virtual host.
  • SSLCertificateFile: Specifies the path to your SSL certificate file.
  • SSLCertificateKeyFile: Specifies the path to your private key file.

After these edits are completed, save and close the file.

Adjust the file names for them to go with your certificate files.

4. Redirect to HTTPS

To ensure all traffic is encrypted, it’s best practice to redirect HTTP (port 80) requests to HTTPS (port 443). This can be achieved by adding a redirect rule to your HTTP virtual host configuration.

To redirect traffic to become SSL encrypted, go ahead and open a file ending in .conf in the /etc/httpd/conf.d directory:

$ sudo vi /etc/httpd/conf/httpd.conf

Add the following configuration to your HTTP virtual host. Again, replace www.example.com with your actual domain name.

<VirtualHost *:80>
        ServerName www.example.com
        Redirect "/" "https://www.example.com/"
</VirtualHost>

This configuration tells Apache to redirect all requests for http://www.example.com/ to https://www.example.com/.

Once completed, save and close the file.

5. Verify Configuration and Restart Apache

Before restarting Apache, it’s crucial to verify your configuration for any syntax errors. This can prevent downtime and ensure a smooth transition.

$ apachectl configtest

If the configuration test is successful, you’ll see the message "Syntax OK". If there are errors, the command will provide information about the location and type of error. Correct any errors before proceeding.

Finally, restart the Apache service to apply the changes.

$ systemctl restart httpd

You are now ready to use the SSL certificate along with your Apache-SSL server. Now your website is secured with HTTPS. You have successfully configured How To Install SSL Certificate on Apache for CentOS 7.

Check out our SSL certificates offers; you can get cheap SSL from all known SSL providers.

Alternative Solutions for How To Install SSL Certificate on Apache for CentOS 7

While the above method outlines a manual approach, there are alternative methods for How To Install SSL Certificate on Apache for CentOS 7 that can simplify the process and automate certificate management. Here are two such alternatives:

1. Using Certbot (Let’s Encrypt)

Certbot is a free, open-source tool that automates the process of obtaining and installing Let’s Encrypt SSL certificates. Let’s Encrypt is a Certificate Authority that provides free SSL certificates, making HTTPS accessible to everyone.

Explanation:

Certbot simplifies the entire process, from certificate request to installation and automatic renewal. It integrates with Apache to automatically configure virtual hosts and set up redirects. This eliminates the need for manual configuration and reduces the risk of errors.

Steps:

  1. Install Certbot:

    sudo yum install epel-release
sudo yum install certbot python3-certbot-apache

  2. Run Certbot:

    sudo certbot --apache -d yourdomain.com -d www.yourdomain.com

    Replace yourdomain.com with your actual domain name. Certbot will guide you through the process, asking for your email address and agreeing to the Let’s Encrypt terms of service. It will then automatically configure Apache to use the certificate.

  3. Automatic Renewal: Certbot automatically sets up a cron job to renew your certificate before it expires.

Code Example:

The core of this method is the certbot command. The --apache flag tells Certbot to use the Apache plugin, which automatically configures Apache. The -d flags specify the domain names for which you want to obtain a certificate.

2. Using a Web Control Panel (cPanel, Plesk, Webmin)

Many web hosting control panels, such as cPanel, Plesk, and Webmin, provide built-in tools for managing SSL certificates.

Explanation:

These control panels offer a graphical interface for installing and managing SSL certificates. They often integrate with Let’s Encrypt or allow you to upload custom certificates. This approach simplifies the process for users who are not comfortable with the command line.

Steps (Example using cPanel):

  1. Log in to cPanel.
  2. Navigate to the "SSL/TLS" section.
  3. Click on "Install and Manage SSL for your site (HTTPS)".
  4. Select the domain for which you want to install the certificate.
  5. Paste the certificate, private key, and CA bundle (if provided) into the corresponding fields.
  6. Click "Install Certificate".

Code Example:

While you don’t directly interact with code when using a web control panel, the panel is essentially automating the same steps we performed manually in the first method. The control panel generates the necessary Apache configuration directives based on your input. You are using How To Install SSL Certificate on Apache for CentOS 7 but in the interface version.

Comparison:

  • Certbot: Ideal for users comfortable with the command line who want a free, automated solution.
  • Web Control Panel: Suitable for users who prefer a graphical interface and may already be using a control panel for other website management tasks.

Both of these alternatives offer significantly easier ways to How To Install SSL Certificate on Apache for CentOS 7 compared to manual configuration, especially for beginners. Choose the method that best suits your technical skills and infrastructure.

Related posts: