1 de 8 Pricing Features Customers Help & Community Sign Up Login Help & Community Articles & Tutorials Questions Chat Blog Try this tutorial on an SSD cloud server. Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more. Related Articles CentOS How to Setup and Configure an OpenVPN Server on CentOS 6 How To Set Up Apache Virtual Hosts on CentOS 6 How To Set Up vsftpd on CentOS 6 How To Add and Delete Users on Ubuntu 12.04 and CentOS 6 How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6 Apache How To Create a SSL Certificate on Apache for Ubuntu 12.04 How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6 How To Install Linux, Apache, MySQL, PHP (LAMP) stack On CentOS 6 How To Set Up Apache Virtual Hosts on Ubuntu 12.04 LTS How To Install Linux, Apache, MySQL, PHP (LAMP) stack on Ubuntu 2 de 8 How To Create a SSL Certificate on Apache for CentOS 6 15 Tweet 3 submit Share Write an Article About Self-Signed Certificates A SSL certificate is a way to encrypt a site's information and create a more secure connection. Additionally, the certificate can show the virtual private server's identification information to site visitors. Certificate Authorities can issue SSL certificates that verify the virtual server's details while a self-signed certificate has no 3rd party corroboration. Step One—Install Mod SSL In order to set up the self signed certificate, we first have to be sure that Apache and Mod SSL are installed on our VPS. You can install both with one command: yum install mod_ssl Step Two—Create a New Directory Next, we need to create a new directory where we will store the server key and certificate mkdir /etc/httpd/ssl Step Three—Create a Self Signed Certificate When we request a new certificate, we can specify how long the certificate should remain valid by changing the 365 to the number of days we prefer. As it stands this certificate will expire after one year. openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/ssl/apache.key -out /etc/httpd/ssl/apache.crt With this command, we will be both creating the self-signed SSL certificate and the server key that protects it, and placing both of them into the new directory. This command will prompt terminal to display a lists of fields that need to be filled in. The most important line is "Common Name". Enter your official domain name here or, if you don't have one yet, your site's IP address. You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. ----Country Name (2 letter code) [AU]:US State or Province Name (full name) [Some-State]:New York Locality Name (eg, city) []:NYC Organization Name (eg, company) [Internet Widgits Pty Ltd]:Awesome Inc Organizational Unit Name (eg, section) []:Dept of Merriment Common Name (e.g. server FQDN or YOUR name) []:example.com Email Address []:[email protected] Step Four—Set Up the Certificate Now we have all of the required components of the finished certificate.The next thing to do is to set up the virtual hosts to display the new certificate. Open up the SSL config file: 3 de 8 vi /etc/httpd/conf.d/ssl.conf Find the section that begins with <VirtualHost _default_:443> and make some quick changes. Uncomment the DocumentRoot and ServerName line and replace example.com with your DNS approved domain name or server IP address (it should be the same as the common name on the certificate): ServerName example.com:443 Find the following three lines, and make sure that they match the extensions below: SSLEngine on SSLCertificateFile /etc/httpd/ssl/apache.crt SSLCertificateKeyFile /etc/httpd/ssl/apache.key Your virtual host is now all set up! Save and Exit out of the file. Step Five—Restart Apache You are done. Restarting the Apache server will reload it with all of your changes in place. /etc/init.d/httpd restart In your browser, type https://youraddress to view the new certificate. By Etel Sverdlov Try this tutorial on an SSD cloud server. Includes 512MB RAM, 20GB SSD Disk, and 1TB Transfer for $5/mo! Learn more. Comments anthony Simple and works perfect. Thanks. Posted November 28th, 2012 19:01 Etel Aw! Thank you for the kind words! :D Posted November 28th, 2012 19:04 mark We need to add one last command to allow this to work: iptables -I INPUT 1 -p tcp --dport 443 -j ACCEPT This opens port 443 to allow https:// to work. 4 de 8 Posted January 11th, 2013 16:54 Etel Thanks for the suggestion, Mark. This is definitely true for users that have IP tables set up. Posted January 11th, 2013 22:14 enrique Good manual, need help... Bad Request Your browser sent a request that this server could not understand. Reason: Youre speaking plain HTTP to an SSL-enabled server port. Instead use the HTTPS scheme to access this URL, please. Posted January 21st, 2013 15:12 Moisey In your URL you arent using HTTPS which indicates that you want to connect to port 443, but instead your URL has HTTP. So just update that and you should be good to go. Posted January 21st, 2013 16:57 thom_l Stopping httpd: [FAILED] Starting httpd: [FAILED] Posted March 3rd, 2013 22:12 David Levy Thanks for that additional command mark. Works great. Suggestion: Why not expand the tutorial to include how to use trusted ssl keys? Posted March 23rd, 2013 21:32 David Levy To add to mark's command: http://wiki.centos.org/HowTos/Https iptables -A INPUT -p tcp --dport 443 -j ACCEPT /sbin/service iptables save 5 de 8 Posted March 23rd, 2013 21:36 SaM5246 You have asked Firefox to connect securely to 192.xxx.xxx.32, but we can't confirm that your connection is secure. Normally, when you try to connect securely, sites will present trusted identification to prove that you are going to the right place. However, this site's identity can't be verified. So this is what everyone will see the first time they come across it? Posted August 7th, 2013 18:15 Kamal Nasser @SaM5246: It's because this is a self-signed cert. To get rid of this warning, you have to get your certificate signed by a CA such as Comodo, Verisign, Thawte, Godaddy, etc. Posted August 7th, 2013 19:10 Colin Foster ... or create your own CA certificate and install that into apache and your own browsers' trusted CA list. That gets rid of the warning screen (and tests that the certificate installed OK - you'll see the green padlock beside the URL). Posted August 15th, 2013 05:45 leo_ultra_leo What about the "genkey" command for certificate generation? I know there is a bug regarding this issue (in RHEL6 and CentOS 6.4). I did update the nss tool in CentOS and it now just works so great! Posted September 20th, 2013 09:00 ruben.amaya Etel, In case that I am not running iptables. How I can open the 443.? I read this post and all comments, then went to my machine and give the commands iptables --list service iptables status I don't get any information from iptables --list, and the service iptables status told me that I am not running iptables. But if I did the command (after installing nmap with yum install nmap ) nmap -v -r 127.0.0.1 That runs an autoscan it give me the following (This is only part of the output) that I use to check which ports are open and which not.) Not shown: 995 closed ports PORT STATE SERVICE 22/tcp open ssh 6 de 8 25/tcp open smtp 80/tcp open http 3306/tcp open mysql 10000/tcp open snet-sensor-mgmt I noticed that when I installed Apache with yum, the port was opened, the same when I installed the Mysql, but how this is possible if the iptables is not running.? Is there another method to open the ports.? And thank you for all the information in this post. Is being very usefull. Posted October 19th, 2013 20:26 Kamal Nasser @ruben.amaya: What's the output of iptables -L -v as root? The iptables service might not be running but the iptables kernel module is always there. Posted October 20th, 2013 08:16 masterjx12 how do you add multiple ssl's? Posted October 22nd, 2013 17:51 Kamal Nasser @masterjx12: See https://www.digitalocean.com/community/articles/how-to-set-up-multiple-ssl-certificates-on-one-ip-with-apacheon-ubuntu-12-04 I recommend reading through the article and then performing the steps yourself since the article is for Ubuntu and not CentOS. Posted October 23rd, 2013 18:20 singh.baljinder1356 works great to me, thanx Etel, can u plz suggest how to use already purchased CA certfied ssl in it Posted October 27th, 2013 08:36 7 de 8 Create your account or sign-in Company Pricing Comparison Chart Features Customers About FAQ Press Careers API Integrations Network Status Contact Community Articles & Tutorials Get Paid to Write Suggest an Article Chat Q&A Blog Referral Program Events Calendar Feedback Badges & Logos The Shop Getting Started One-Click Install Applications What is Cloud Hosting? Control Panel Overview Deploy a Virtual Server Set-Up SSH Keys Install Git on Ubuntu How to Install Ruby on Rails How to Install LAMP Stack Set-Up a Host Name 8 de 8 ©2011-2013 DigitalOcean™, Inc. All Rights Reserved. Terms & Privacy. Security.