Learn to create SSL Certificate for Apache Server
Hello Linux-fanatics, in our earlier tutorial we learned to create apache web server with Name based hosting & IP based hosting. If you have not read it, read it now because we will need a working apache web-server for this tutorial. In this tutorial, we are going to learn to secure our website with a SSL certificate.
What is SSl certificate & why do we need it ?
SSL or Secure Socket Layer is web protocol, which is used to encrypt our web-server traffic. Data transfer during website access is in plain text which can easily be hacked. This might not seem like a threat when we are reading tutorials on Linuxtechlab.com but it will be a major issue when you are shopping at amazon & someone hacks your credit card info. So in order to prevent any eavesdropping/hacking , we secure our websites with a SSL certificate. If our website has a SSL cert & someone hacks the data, it will be of no use to him since it will be encrypted.
If you have a website that is accessed globally, we need to get an SSL certificate from a Global certificate authorities (CAs) as self-signed certificates, which we will be creating, are not identified by web-browsers. Self-signed certificates are signed by the same person as the person creating & are good for internal & testing purposes.
Now let’s create a self-signed certificate,
Firstly, we will need a working apache web-server with a website of at least a single page hosted,
Secondly, we will need the ‘mod_ssl’ & ‘openssl’ installed on our web-server. We can install them by using YUM
We will now generate the certificate using the following steps, but first let’s create a folder where we will be doing our certificate generation
Now, we can create a self-signed key and certificate pair with OpenSSL in a single command by typing
here, openssl is the command for creating and managing ssl,
req –x509 is public key infrastructure for ssl,
-nodes, means we don’t need a passphrase,
-days 365 is the validity of the certificate,
-newkey rsa:2048 means cert will 2048 bit long,
-keyout, means where to place Private key,
-out means where to place our certificate.
Once you run this command you will asked to provide some information , provide the information & your certificate will be created.
Adding Certificate to Web Server
After generating the certificate, we need to add in to our apache server. Open ‘/etc/httpd/conf.d/ssl.conf’ & we will make some changes to it
Now search for the line with ‘VirtualHost _default_:443’ & change the server name to one you used as common name on your ssl certificate (test1.com), so it look like
. . .
Next we will add the path to our certificate & Private Key,
After making these changes, save & exit the file. Restart your apache service
& now open your web browser & try accessing your website using https,
Voila, its works, this completes out tutorial. Please feel free to mention any queries/comments in the comment box down below.