1. Technology

How to Create a Self-Signed SSL Certificate on CentOS

An SSL certificate is an electronic ‘document’ that is used to bind together a public security key and a website’s identity information (such as name, location, etc.) by means of a digital signature. The ‘document’ is issued by a certificate provider such as GlobalSign, Verisign, GoDaddy, Comodo, Thawte, and others. For more information, visit the article: What is an SSL Certificate?

In this article we’re going to be covering how to create a self-signed SSL certificate and assign it to a domain in Apache. Self-signed SSL certificates add security to a domain for testing purposes, but are not verifiable by a third-party certificate provider. Thus, they can result in web browser warnings.

Pre-Flight Check
  • These instructions are intended for creating a self-signed SSL certificate and assigning it to a domain in Apache.
  • I’ll be working from a Liquid Web Core Managed CentOS 6.5 server, and I’ll be logged in as root.

Step #1: View Loaded Apache Modules, Load SSL if Necessary

First let’s view whether Apache 2 already has the SSL module loaded using information from our article on How to List Which Apache 2 Modules are Enabled on CentOS 6:

apachectl -M | grep ssl

The module is already loaded if the result of the above command is:

ssl_module (shared)

If it is not loaded, then it is possible that mod_ssl is not installed. Install mod_ssl:

yum -y install mod_ssl

And now we’ll restart Apache:

service httpd restart

Step #2: Setup the Environment, and Create the Self-signed SSL Certificate

Make a directory to store the certificate and the server key:

mkdir /etc/httpd/ssl

Generate the SSL via OpenSSL with the following command:

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt

The above command will generate a 2048 -bit private key and corresponding CSR that remains valid for 365 days, and place those files into the new directory. The output of the above command will result in the following, of which you’ll need to answer a few questions:

Generating a 2048 bit RSA private key
........................................................+++
.................+++
writing new private key to '/etc/httpd/ssl/apache.key'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [XX]:US
State or Province Name (full name) []:Michigan
Locality Name (eg, city) [Default City]:Lansing
Organization Name (eg, company) [Default Company Ltd]:Liquid Web
Organizational Unit Name (eg, section) []:KB
Common Name (eg, your name or your server's hostname) []:kb.thebestfakedomainnameintheworld.com
Email Address []:email@thebestfakedomainnameintheworld.com

Tip: It is very important that the Common Name be set appropriately. Enter your fully qualified domain name (FQDN) here or, if you don’t have an FQDN, then your site’s IP address.
Step #3: Add the Self-signed SSL Certificate to Apache

For a refresher on editing files with vim see: New User Tutorial: Overview of the Vim Text Editor

Now that the private key and associated CSR have been generated, we need to edit the SSL configuration file for Apache:

vim /etc/httpd/conf.d/ssl.conf

Find the section:

VirtualHost _default_:443

And add the following Virtual Host configuration on the next line:

ServerName kb.thebestfakedomainnameintheworld.com:443

Be sure to replace kb.thebestfakedomainnameintheworld.com with your fully qualified domain name or server IP address for your Virtual Host. Keep in mind, that the domain should be the same as the Common Name specified in the previous step.

Verify that the following variables are set appropriately in the same file:

SSLEngine on
SSLCertificateFile /etc/httpd/ssl/apache.crt
SSLCertificateKeyFile /etc/httpd/ssl/apache.key

Then exit and save the file with the command :wq .

Step #4: Restart Apache

Then restart Apache once more:

service httpd restart

In this tutorial my test domain was kb.thebestfakedomainnameintheworld.com, so I can now visit https://kb.thebestfakedomainnameintheworld.com to test the SSL certificate setup. Use https://yourdomain to test your new self-signed SSL certificate!

Want to Try This Tutorial?

Launch a Free* Storm Server

*For new customers only

<!– –><!– –>

Thank you. Your request has been submitted and we’ll be sending you a $75 Storm coupon shortly!

No Comments
Comments to: How to Create a Self-Signed SSL Certificate on CentOS

Recent Articles

Good Reads

Groundnut oil is a popular choice⁤ for cooking⁢ in many households due to ‍its ⁤versatility and health benefits. However, it is important to ensure that the groundnut oil you are⁣ using is of high quality and purity. In this guide, we will discuss simple and practical ways to identify top-notch groundnut oil for cooking, including […]
Larimar ‍is​ a ⁣stunning blue gemstone found exclusively in the Dominican Republic, known for ⁤its remarkable spiritual and‌ healing properties as well as its beauty. This captivating stone has long been associated with inner peace, emotional balance, and tranquility due​ to its intricate patterns reminiscent of the ocean and its serene shades of blue. The […]

Worlwide

Overview VipsPM – Project Management Suite is a Powerful web-based Application. VipsPM is a perfect tool to fulfill all your project management needs like managing Projects, Tasks, Defects, Incidents, Timesheets, Meetings, Appointments, Files, Documents, Users, Clients, Departments, ToDos, Project Planning, Holidays and Reports. It has simple yet efficient layout will make managing projects easier than […]
Groundnut oil is a popular choice⁤ for cooking⁢ in many households due to ‍its ⁤versatility and health benefits. However, it is important to ensure that the groundnut oil you are⁣ using is of high quality and purity. In this guide, we will discuss simple and practical ways to identify top-notch groundnut oil for cooking, including […]
Larimar ‍is​ a ⁣stunning blue gemstone found exclusively in the Dominican Republic, known for ⁤its remarkable spiritual and‌ healing properties as well as its beauty. This captivating stone has long been associated with inner peace, emotional balance, and tranquility due​ to its intricate patterns reminiscent of the ocean and its serene shades of blue. The […]
Larimar is a stunning⁤ blue gemstone‌ found exclusively in the Dominican Republic, known ⁣for its remarkable spiritual and healing properties as well as its beauty. This‌ captivating stone has​ long been associated with inner ​peace, emotional ‌balance, ⁤and ⁢tranquility due to its intricate patterns reminiscent of the ocean and its serene ​shades‌ of blue. The […]

Trending

Turquoise Jewelry is one of the ancient healing stones used for personal adornment and astrological benefits. The rare greenish blue-colored pectolite is celebrated for its enchanting powers among many crystal lovers. It is a hydrated phosphate of copper and aluminum that ranks 5 to 6 on the Mohs hardness scale. It is deemed a protective […]
24 March 2020, the evening when the Government of India ordered a nationwide lockdown for 21 days. Because the deadly Coronavirus crept into the world and turned it into a sinking ship, put unforeseen pressures on all of us with its destructive intentions. Soon after, it turned into a giant monster. Omicron, the new variant […]
Singapore is recognised globally as a prime destination for foreign investors. Its business structure is well-developed, and its tax system is favourable to business owners. The government has a strong support system for entrepreneurs and provides legal protection for intellectual property rights. All of these conditions create an environment that is ideal for Singapore company […]