SSL Certificate installation on httpd (CentOS)
- Category : SSL Installation
- Posted on : Apr 17, 2020
- Views : 1,567
- By : HostSEO
Note: Before you begin, ensure youâ$™re all set with the prerequisites. |
SSL installation instructions for Debian & Ubuntu |
Installation steps
- Enabling SSL/TLS support on Apache
Now we need to make sure that SSL/TLS support is enabled on the webserver. For serving secure connections, the â$œmod_sslâ$ module is used. To check if it is installed on the server, use the following command:
httpd -M | grep ssl
If this module is installed, the server will respond as follows:
If the server does not show any SSL modules in the output, it will be necessary to install mod_ssl.
Use â$œyumâ$ package manager to download and enable the needed component. Here is the simple command for doing this:
sudo yum install mod_ssl
Confirm the installation by typing â$œy
â$ and pressing â$œEnterâ$ key.
After the module is successfully installed, if there are no SSLs configured on this server yet, the command â$œhttpd -S
â$ may respond with an error message regarding the missing SSL certificate:
The new SSL configuration file generated automatically is marked with green. It was generated during the installation of the â$œmod_sslâ$ component.
The default location and name of the SSL configuration file is/etc/httpd/conf.d/ssl.conf
If the SSL certificate was installed before, you will see the path of the currently used configuration file near the relevant domain name in thehttpd -S
output:
The configuration file is the file where we need to provide the path to the SSL certificate, CA Bundle file, and the Private key files.
Note: To be on the safe side, you can save the original file as a backup, so that you can safely create a new one if necessary. This can be done by running the following command:
mv /path/to/old_filename /path/to/new_filename
By doing this, we are â$œmovingâ$ our file to its new location, which includes its final filename.
In our test case, the command will be:
mv /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.backup
The initial configuration file version will be renamed tossl.conf.backup
, and you can start editing thessl.conf
file freely without being afraid to break something, since you have the previous working configuration file backup which can be restored if needed.
- Configuring the webserver
If the SSL certificate was not installed on the server before, it will be necessary to create a new SSL configuration file.
It can be done using one of the popular text editors, such as nano, vi, etc.
The command for the file creation will be nano ssl.conf or vim ssl.conf respectively.
We suggest creating the SSL configuration file in the following path:
/etc/httpd/conf.d/ssl.conf
If you already have the configuration file created, please open it for editing instead of creating a new file. We suggest creating a backup of the configuration file to have a working backup to revert the changes if needed. To create a backup, copy the old configuration file using the following command:
cp /path/to/ssl.conf /path/to/ssl.conf.backup
After that, check the file content and ensure that it has all the necessary lines and values from the example configuration file for configuring the secure connection.
For a new file, please add the following lines, making sure to modify them with the exact values of your domain name, document root and paths to the SSL certificate, Private key and CA bundle.
Here is the configuration file example:
Listen 443
ServerName (DOMAIN NAME OF THE WEBSITE)
DocumentRoot (ROOT FOLDER OF THE WEBSITE)
SSLEngine on
SSLCertificateFile (Certificate PATH)
SSLCertificateKeyFile (Private key PATH)
SSLCertificateChainFile (CA Bundle PATH)
If there are several websites being hosted on the same server, make sure to add separateparts for the corresponding websites. However, please keep in mind that
Listen 443
should be present only once in the whole configuration file.
In our case, the configuration file looks as follows:
Listen 443
ServerName example.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/1.crt
SSLCertificateKeyFile /etc/ssl/1.key
SSLCertificateChainFile /etc/ssl/1.ca-bundle
- Checking the configuration file and restarting the webserver
Now, make sure to check the file syntax by running this command:
httpd -t
If the command responds with â$œSyntax OKâ$, you are free to reboot the Apache service. To do that, run the command:
sudo service httpd restart
If the command output shows some errors, we suggest double-checking that all installation steps were done properly. Head to the Tips and troubleshootings section of this guide for further steps.
Once restarted, the Apache server should add the newly created SSL configuration file to its settings. To check it, run the following command:
httpd -S
Done! The website is now secured. The installation can be checked here.
There are no further obligatory actions for securing your domain name, however, you might wish to set up a HTTPS redirect for the website to be switched to a secured version automatically without entering https:// manually into the browser address bar. For a more detailed explanation about setting up the redirect, check this page.
- Enabling SSL/TLS support on Apache
If there are issues with the installation, make sure to double-check this guide step-by-step to avoid mistakes. Be sure to check the troubleshooting section too.
Tips and troubleshooters
If you face any SSL-related issues with your Apache-based website, here is how to troubleshoot the most known errors that might occur during the restart:
- X509_check_private_key:key values mismatch
- 'Invalid command 'SSLEngine' error
- Untrusted and Missing Intermediate Certificate Error
- 0906D066:PEM routines:PEM_read_bio:bad end line
Here are some more useful tips about the process:
- If you face a â$˜permission deniedâ$™ error when running a command, try adding the â$˜sudoâ$™ parameter before the command and run it once again.
For instance, ifnano ssl.conf
results inPermission denied
, you can try runningsudo nano ssl.conf
instead.
Adding sudo will grant you â$˜superuserâ$™ permissions and the ability to perform some actions that require root user access without real root access.
Please keep in mind that you may need to enter a password for the sudo user during this operation. Its symbols might not be shown when entering (for security reasons), however, the password will be accepted if entered properly. This password may have been given to you by your server admin or hosting provider support team, so if you donâ$™t know the password, we suggest contacting them for further assistance. - If you see that the SSL has been installed without the CA bundle, it is possible to add the CA bundle without any significant changes to the configuration settings.
In this case, please find the SSL configuration file on your server by following the steps in the guide for apache2 or httpd. Locate the path to the SSLCertificateFile in the configuration file, and open the file via that path for editing. You will see one block of code there (which is the SSL itself). You can download the CA bundle file from your Namecheap account (it is downloaded in the same archive with the SSL certificate) or from this page and copy the whole .ca-bundle file contents to the opened SSLCertificateFile.
The new CA bundle codes should be entered from the new line after the SSL code which is already present there, without adding any new lines between them, like this:
Categories
- cPanel Question 47
- cPanel Software Management 29
- cPanel Tutorials 13
- Development 29
- Domain 13
- General 19
- Linux Helpline (Easy Guide) 156
- Marketing 47
- MySQL Question 13
- News 2
- PHP Configuration 14
- SEO 4
- SEO 42
- Server Administration 84
- SSL Installation 54
- Tips and Tricks 24
- VPS 3
- Web Hosting 44
- Website Security 22
- WHM questions 13
- WordPress 148
Subscribe Now
10,000 successful online businessmen like to have our content directly delivered to their inbox. Subscribe to our newsletter!Archive Calendar
Sat | Sun | Mon | Tue | Wed | Thu | Fri |
---|---|---|---|---|---|---|
1 | 2 | 3 | 4 | 5 | 6 | |
7 | 8 | 9 | 10 | 11 | 12 | 13 |
14 | 15 | 16 | 17 | 18 | 19 | 20 |
21 | 22 | 23 | 24 | 25 | 26 | 27 |
28 | 29 | 30 | 31 |
Recent Articles
-
Posted on : Sep 17
-
Posted on : Sep 10
-
Posted on : Aug 04
-
Posted on : Apr 01
Tags
- ts
- myisam
- vpn
- sql
- process
- kill
- tweak
- server load
- attack
- ddos mitigation
- Knowledge
- layer 7
- ddos
- webmail
- DMARC
- Development
- nginx
- seo vpn
- Hosting Security
- wireguard
- innodb
- exim
- smtp relay
- smtp
- VPS Hosting
- cpulimit
- Plesk
- Comparison
- cpu
- encryption
- WHM
- xampp
- sysstat
- optimize
- cheap vpn
- php-fpm
- mariadb
- apache
- Small Business
- Error
- Networking
- VPS
- SSD Hosting
- Link Building
- centos
- DNS
- optimization
- ubuntu