How to install OpenSSL on CentOS using a self-signed certificate

Since visitors and search engines put increased trust into sites that are secured with SSL, certificate usage is on the rise. While you would often use a trusted certificate from a well-known CA, sometimes it makes sense to use a self-signed cert. This is especially true when setting up a test or development environment. It takes a few minutes, but it's pretty straightforward and gives you the nice little lock in the browser bar when it's working. I set mine up on my VPS and it worked without issue.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
TIME REQUIRED 30 min
RELATED PRODUCTS CentOS-based VPS or dedicated servers

Recipe

Install the necessary libraries

yum install mod_ssl

Create a directory to store the keys

mkdir /etc/httpd/pki

Create a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/pki/apache.key -out /etc/httpd/pki/apache.crt

You'll be asked to fill out a few fields. The most important line is "Common Name." Enter your official domain name here or, if you don't have one yet, enter your site's IP address.

Edit the config file

vi /etc/httpd/conf.d/ssl.conf

Scroll down until you find the VirtualHost _default_:443 section.

Uncomment the DocumentRoot and ServerName lines.

Change example.com in the ServerName line to either your domain name or server's IP address. Important: This needs to match the common name on the certificate.

ServerName example.com:443

Scroll down and ensure that SSL is configured with the following lines.

SSLEngine on
SSLCertificateFile /etc/httpd/pki/apache.crt
SSLCertificateKeyFile /etc/httpd/pki/apache.key

Save and exit.

Restart Apache

/etc/init.d/httpd restart

That's it!

Test the configuration

Browse to https://your domain name

You should see your site over an SSL connection.

Note: Your browser will likely ask you to trust the self-signed certificate before allowing access to the site. This is an artifact of using a self-signed certificate. For using a certificate that is globally-trusted, here is a link on how to get a trusted SSL certificate.

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.


Var den här artikeln till hjälp?
Tack för din feedback. Ring vårt supportnummer eller starta chattalternativet ovan om du vill prata med en medarbetare på kundtjänst.
Vi är glada att vi kunde hjälpa till! Finns det något mer vi kan göra för dig?
Det var tråkigt att höra. Berätta vad som var krångligt eller varför lösningen inte hjälpte dig med problemet.