Procedure for installing SSL certificates on Linux
Posted on 14 July 2016 02:29 PM

 

Obtaining and installing SSL certificates consists of the following steps:

  1.  Generate a certificate request.
  2.  Send the certificate request to a certificate authority.
  3.  Install the server certificate.
  4.  Set the Directory Server to trust the certificate authority.
  5.  Confirm that the certificates are installed.

Now please follow the instructions pasted below:

Getting Apache to serve up pages over a secure connection requires a little bit of configuration.

 

Step 1. Make sure you have openssl and mod_ssl installed on your CentOS server.

yum install openssl mod_ssl

 

Step 2. Make sure Apache is configured to load the mod_ssl module. In my case, in /etc/httpd/conf/httpd.conf it says:

Include conf.d/*.conf

This little line of code is how the file /etc/httpd/conf.d/ssl.conf gets loaded. The SSL configuration file for Apache is where I ended up putting the configurations for my server.

 

Step 3. Now we’re ready to generate a CSR – Certificate Signing Request. This is something unique to your specific server that you use to generate a CRT (actual SSL certificate file) from your SSL vendor of choice. Note that this process could require several hours or days, along with email confirmations from your domain’s technical or administrative contact.

This page on the CentOS wiki gives you a great overview of the process. So, let us see how to generate the CSR with a 2048-bit key:

openssl req -nodes -newkey rsa:2048 -keyout your-domain-name.key -out your-domain-name.csr

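Now of course you will be replacing your-domain-name with the exact domain name (or subdomain if applicable). By default, using openssl on the command line generates files in the current working directory, but you can pass in the full pathnames if you want, too. The -nodes option writes the private key without a passphrase, so keep the .key file readable only by its owner; only the CSR is sent to the vendor. To display the CSR: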

cat /path/to/your-domain-name.csr

 

Step 4. Copy and paste that mess into your SSL vendor’s ‘Paste CSR’ step of SSL Cert activation. This process varies wildly by SSL vendor, and also the level of security of SSL you purchased. Be warned that SSL Certificate authorization emails may be sent to the administrative and technical contacts on file with the domain registrar, too, so this process can take up to a few days.

 

Step 5. Once your SSL certificate is generated, you can download it from your SSL vendor and upload it to your server. If you’re using GoDaddy you’ll need the gd_bundle.crt file too.

 

Step 6. Now that you have your key, SSL Cert (.crt file) and the CA bundle (Certificate Authority), you have to edit the httpd.conf or ssl.conf file so Apache knows where to load the certificate files. This is how my ssl.conf looks:

SSLCertificateFile /etc/pki/tls/certs/your-domain-name.crt
SSLCertificateKeyFile /etc/pki/tls/private/your-domain-name.key
SSLCACertificateFile /etc/pki/tls/certs/gd_bundle.crt

Step 7. Use apachectl to do a syntax check on the config files

apachectl -t

If the configuration parses cleanly, it prints:

Syntax OK

 

Step 8. Fix any typos you made, and finally start or restart Apache:

apachectl restart
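
A check worth running on the files from Steps 3 to 6 before the restart, added here as an example and not part of the original article: it confirms that the key, CSR and certificate share one public key and that the passphrase-less key written by -nodes is not readable by group or others. The function name check_tls_material and the paths passed to it are assumptions, and GNU stat is assumed, as on CentOS.

```shell
#!/bin/sh
# Added example, not from the original article. Paths passed in are placeholders.
# Checks that KEY, CSR and CRT share one public key and that the passphrase-less
# key written by `openssl req -nodes` is not readable by group or others.
check_tls_material() {
    key=$1 csr=$2 crt=$3
    rc=0

    for f in "$key" "$csr" "$crt"; do
        [ -r "$f" ] || { echo "missing or unreadable: $f" >&2; return 2; }
    done

    # With -nodes, file permissions are the key's only protection.
    mode=$(stat -c '%a' "$key")   # GNU stat, as shipped on CentOS
    case "$mode" in
        *00) ;;
        *) echo "key mode $mode is too open; run: chmod 600 $key" >&2; rc=1 ;;
    esac

    # Extract the public key from each file in the same PEM encoding.
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "cannot parse private key: $key" >&2; return 2; }
    csr_pub=$(openssl req -in "$csr" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse CSR: $csr" >&2; return 2; }
    crt_pub=$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null) ||
        { echo "cannot parse certificate: $crt" >&2; return 2; }

    [ "$key_pub" = "$csr_pub" ] ||
        { echo "CSR was not generated from this key" >&2; rc=1; }
    [ "$key_pub" = "$crt_pub" ] ||
        { echo "certificate does not match this key" >&2; rc=1; }

    # Print subject and expiry so a wrong-domain or expired file stands out.
    if [ "$rc" -eq 0 ]; then
        openssl x509 -in "$crt" -noout -subject -enddate
    fi
    return "$rc"
}

# Run directly when called with three paths: sh check.sh KEY CSR CRT
if [ "$#" -eq 3 ]; then
    check_tls_material "$@"
fi
```

The function returns 0 when everything matches, 1 on a mismatch or an over-permissive key file, and 2 when a file is missing or cannot be parsed.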

At this point you might get excited and try accessing your website at https:// for the first time, but on many configurations port 443 is blocked by default. If the connection hangs or times out, that’s probably your issue too. So it may be necessary to open port 443 with iptables like this post shows. I found the second one worked:

iptables -I INPUT -p tcp -m state --state NEW,ESTABLISHED --dport 443 -j ACCEPT

Hopefully this helped you.