SSL

How to Create an SSL Certificate on Apache for CentOS 8

In today’s digital landscape, securing your website is more important than ever. An essential part of that security is the use of SSL (Secure Sockets Layer) certificates, which encrypt the data exchanged between your web server and clients. In this blog post, we’ll walk you through the steps to create an SSL certificate on Apache for CentOS 8, ensuring that your site is secure and trustworthy.

Why Use SSL?

Before diving into the technical steps, let’s briefly discuss why SSL is crucial for your website:

  1. Data Encryption: SSL encrypts the data transmitted between the server and the client, making it safe from eavesdroppers.
  2. Trust: SSL certificates provide an assurance to your visitors that their data is safe, improving trust and credibility.
  3. SEO Benefits: Search engines like Google prioritize secure sites (HTTPS) in their rankings.

With that in mind, let’s get started!

Step 1: Install Apache

If you haven’t already installed Apache on your CentOS 8 server, you can do so by following these commands:

sudo dnf install httpd
sudo systemctl start httpd
sudo systemctl enable httpd

These commands will install Apache and ensure that it starts automatically on boot.

Step 2: Install OpenSSL

OpenSSL is a critical tool for creating and managing SSL certificates. To install OpenSSL on CentOS 8, use the following command:

sudo dnf install mod_ssl openssl

Step 3: Create a Private Key and Certificate Signing Request (CSR)

The first step in creating your SSL certificate is to generate a Private Key and a Certificate Signing Request (CSR). You can accomplish this with the following commands:

# Change to the directory where you want to store your SSL files
cd /etc/ssl/certs

# Generate the private key
sudo openssl genrsa -out yourdomain.key 2048

# Generate the CSR
sudo openssl req -new -key yourdomain.key -out yourdomain.csr

During this process, you will be prompted to enter some information about your organization and domain name. Ensure that you provide accurate data as it will be included in your certificate.

Step 4: Obtain an SSL Certificate

Once you have your CSR, you need to obtain an SSL certificate from a trusted Certificate Authority (CA). You can use a free service like Let’s Encrypt or purchase one from a commercial provider.

Using Let’s Encrypt

To secure your site for free with Let’s Encrypt, you can use Certbot, a tool that automates the process:

  1. Install Certbot:
   sudo dnf install certbot python3-certbot-apache
  1. Obtain and install your SSL certificate:
   sudo certbot --apache
  1. Follow the prompts to set up your certificate.

Using a Commercial Certificate Provider

If you choose to obtain a certificate from a commercial provider, you and the CA will use the CSR you generated in Step 3. After validating your request, they will issue you an SSL certificate file (often named yourdomain.crt or similar), which you will need to upload to your server.

Step 5: Configure Apache to Use SSL

Next, you need to instruct Apache to use your new SSL certificate. Edit the SSL configuration file using your preferred text editor (for example, nano or vim):

sudo nano /etc/httpd/conf.d/ssl.conf

Find the following lines and update them with your paths:

SSLCertificateFile /etc/ssl/certs/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/certs/yourdomain.key
# If you have a CA bundle issued by the CA, include it like this:
SSLCertificateChainFile /etc/ssl/certs/yourdomain.ca-bundle

Make sure you save your changes and exit the text editor.

Step 6: Restart Apache

After configuring Apache, you need to restart the service for the changes to take effect:

sudo systemctl restart httpd

Step 7: Verify Your SSL Installation

To ensure that your SSL certificate is installed correctly, you can use an SSL testing tool such as SSL Labs. Simply enter your domain name, and it will provide a comprehensive analysis of your SSL settings.

Conclusion

Congratulations! You have successfully created and installed an SSL certificate on Apache for your CentOS 8 server. With these steps completed, your website will have a stronger security posture, instilling confidence in your users and improving your SEO performance.

Happy hosting!