30/11/2020

Install self-signed certificate CentOS 8

Install self-signed certificate

1. Install mod_ssl; which is an Apache module that provides support for SSL Encryption

yum install mod_ssl

2. Create a directory to store the certificates and the keys
(I will be creating /etc since config-files are usually stored it this directory.

mkdir /etc/ssl/private

3. Make sure that only root user has access to the directory.

chmod 700 /etc/ssl/private

4. Generate the SSL keys and certificates using the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-selfsigned.key -out /etc/ssl/certs/apache-selfsigned.crt

  • req -x509: specifies we want to use X.509 certificate signing request.
  • -nodes: tells openssl to skip the option to secure the certificate with a passphrase since we need Apache to be able to read the file without user intervention.
  • -days 365: Sets the length of time the certificate will be considered valid.
  • -newkey rsa:2048: specifies generate a new certificate and new key at the same time and the key is RSA Key and 2048 bits long.
  • -keyout: tells openssl where to place the generated private key file we are creating.
  • -out: tells openssl where to place the certificate we are creating.


5. Edit the SSL configuration file (mine will be):

vim /etc/httpd/conf.d/ssl.conf



6. Run the following command for syntax errors:

apachectl configtest

7. Allow SSL through Firewall:

firewall-cmd –permanent –add-service=https

8.Add Listen 443 to the default httpd.conf file.

9. Restatrt apache.

systemctl restart httpd

9. Test your website in browser using https.

Leave a Reply

Your email address will not be published.