
How to Install SSL Certificate on CentOS 7






In this article, you will learn how to install an SSL certificate on CentOS 7.


SSL (Secure Sockets Layer) is a web protocol that protects traffic to the server through encryption. That is, all information is encrypted and can only be read by the intended recipient.


Typically, e-commerce or online financial services need this protocol because they often store sensitive information, like credit cards.


However, an SSL certificate has now become a common standard for all websites, protecting users' confidential data such as login information, social security numbers, ID cards, etc.


Luckily, you can easily get an SSL certificate from providers like COMODO SSL and Let's Encrypt, both of which are used in our installation guide.




Manual Apache installation


Before installing SSL, make sure that Apache (web server software) is installed on your CentOS server.


You can check this easily by typing httpd -v after connecting to the server via SSH. If Apache is already installed, the command prints the server version.


On Hostinger, users can choose to have Apache pre-installed on their servers.




On CentOS 7, Apache can be installed through the software repositories by entering this command on the terminal:


sudo yum install httpd

Now to start using Apache, enter:


sudo systemctl start httpd

If you want Apache to start automatically at boot time, enable it with:


sudo systemctl enable httpd



How to Install Let's Encrypt SSL Certificate


Let's Encrypt offers free SSL certificates. Let's see how to install it on the server.


Important: We use hostinger-dev-9.xyz as a test site, but you must change it to your own site name.


We recommend updating your system first just to be on the safe side.


yum -y update

Next, you will need mod_ssl to configure Let's Encrypt.


yum -y install mod_ssl

Now, configure Apache by creating the document root directory for the site.


mkdir /var/www/hostinger-dev-9.xyz



The virtual host config file is required in this step. You can create it with nano and enter the following lines:


nano /etc/httpd/conf.d/hostinger-dev-9.xyz.conf

In nano, enter the code:


<VirtualHost *:80>
ServerAdmin admin@test.com
DocumentRoot "/var/www/hostinger-dev-9.xyz"
ServerName hostinger-dev-9.xyz
ServerAlias www.hostinger-dev-9.xyz
ErrorLog "/var/log/httpd/test.error_log"
CustomLog "/var/log/httpd/test.access_log" common
</VirtualHost>

Change the owner of the folder /var/www/hostinger-dev-9.xyz to the apache user so that Apache can access the directory:


chown -R apache:apache /var/www/hostinger-dev-9.xyz

Install Certbot


Before installing certbot, make sure you have enabled the EPEL repository by entering this command:


yum -y install epel-release

Next, install yum-utils:


yum -y install yum-utils

Only then can you install certbot for Apache


yum -y install certbot-apache



After installing certbot, run it by executing:


certbot

There will be a prompt asking which names you want to enable HTTPS for:


Saving debug log to /var/log/letsencrypt/letsencrypt.log
Plugins selected: Authenticator apache, Installer apache
Starting new HTTPS connection (1): acme-v01.api.letsencrypt.org
Which names would you like to activate HTTPS for?
-------------------------------------------------------------------------------
1: hostinger-dev-9.xyz
2: www.hostinger-dev-9.xyz
-------------------------------------------------------------------------------
Select the appropriate numbers separated by commas and/or spaces, or leave input
blank to select all options shown (Enter 'c' to cancel):

Just press Enter to select both hostinger-dev-9.xyz and www.hostinger-dev-9.xyz, so that both are served over HTTPS.


Another prompt will appear:


Choose whether or not to redirect HTTP traffic to HTTPS, removing HTTP access.
-------------------------------------------------------------------------------
1: No redirect – Make no further changes to the web server configuration.
2: Redirect – Make all requests redirect to secure HTTPS access. Choose this for
new sites, or if you're confident your site works on HTTPS. You can undo this
change by editing your web server's configuration.
-------------------------------------------------------------------------------
Select the appropriate number [1-2] then [enter] (press 'c' to cancel):

Choose option 2 to redirect both of your website names to HTTPS.


You should see the output below if the process is done correctly

-------------------------------------------------------------------------------
Congratulations! You have successfully enabled
https://hostinger-dev-9.xyz and https://www.hostinger-dev-9.xyz

You should test your configuration at:
https://www.ssllabs.com/ssltest/analyze.html?d=hostinger-dev-9.xyz
https://www.ssllabs.com/ssltest/analyze.html?d=www.hostinger-dev-9.xyz
-------------------------------------------------------------------------------

Automatic certificate renewal


One good thing about using Let's Encrypt is that you can set up automatic certificate renewals.


To set automatic renewal, enter the following command:


export EDITOR=/bin/nano

This command sets nano as the default editor. You can now edit the crontab:


crontab -e

In fact, Let's Encrypt recommends an auto-renew cronjob that will run twice a day. To do that, paste this command and save the crontab:


0 */12 * * * /usr/bin/certbot renew >/dev/null 2>&1
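
The minute field decides how often the job runs inside each matching hour: a * there fires every minute of that hour, while a fixed minute fires once. The following is an added example, not part of the original article, that expands the minute and hour fields of a crontab line and counts the runs per day; it assumes the day, month and weekday fields are all * and uses two constructed sample lines.

```shell
#!/bin/sh
# Added example: count how often a crontab schedule fires per day.
# Assumes the day-of-month, month and weekday fields are all "*".

# expand_field FIELD LOW HIGH -> one matching value per line.
# Handles "*", "n", "a-b", comma lists and "/step" on "*" or a range.
expand_field() {
    echo "$1" | tr ',' '\n' | while IFS= read -r item; do
        step=1
        case $item in
            */*) step=${item#*/}; item=${item%/*} ;;
        esac
        case $item in
            '*') start=$2; end=$3 ;;
            *-*) start=${item%-*}; end=${item#*-} ;;
            *)   start=$item; end=$item ;;
        esac
        [ "$step" -ge 1 ] || continue   # a zero step would never advance
        i=$start
        while [ "$i" -le "$end" ] && [ "$i" -le "$3" ]; do
            echo "$i"
            i=$((i + step))
        done
    done | sort -nu
}

# runs_per_day "CRONTAB LINE" -> number of runs in 24 hours
runs_per_day() {
    set -f          # keep "*" literal while the line is split into fields
    set -- $1
    set +f
    minutes=$(expand_field "$1" 0 59 | wc -l)
    hours=$(expand_field "$2" 0 23 | wc -l)
    echo $((minutes * hours))
}

# Constructed sample lines: "*" in the minute field versus minute 0.
for line in '* */12 * * * /usr/bin/certbot renew' \
            '0 */12 * * * /usr/bin/certbot renew'; do
    printf '%-40s -> %s runs/day\n' "$line" "$(runs_per_day "$line")"
done
```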

How to Install an SSL Certificate with Comodo


COMODO SSL is a paid SSL certificate provider. With this provider, users can choose to encrypt server traffic. Here's how to install it on CentOS 7.


Download the Intermediate Certificate (ComodoRSACA.crt) and the Primary Certificate (domain_name.crt) and copy them to the server directory. This directory will store your certificate and key files.


Find the Apache config file. Usually, the file name is httpd.conf or apache2.conf. The usual locations for the file are /etc/httpd/ or /etc/apache2/. If it cannot be found, the alternative is to search using grep via the command below:


grep -i -r "SSLCertificateFile" /etc/httpd/

Note: change "/etc/httpd/" to the base directory of your Apache installation.


Now, if you want to enable SSL on the server, configure it by pasting the following lines into the config file:


<VirtualHost 31.220.62.130:443>
DocumentRoot /var/www/hostinger-dev-9.xyz
ServerName www.hostinger-dev-9.xyz
SSLEngine on
SSLCertificateFile /var/www/hostinger-dev-9.xyz.crt
SSLCertificateKeyFile /var/www/your_private.key
SSLCertificateChainFile /var/www/ComodoCA.crt
</VirtualHost>


  • 31.220.62.130: change this to your server IP address

  • SSLCertificateFile needs to be changed to your COMODO certificate file (e.g. domain_name.crt)

  • SSLCertificateKeyFile is the key file generated when you generated the CSR (Certificate Signing Request)

  • SSLCertificateChainFile is the intermediate COMODO certificate file (ComodoRSACA.crt)


It is important that you remember to check the Apache config file before restarting. If there is a syntax error, Apache will not start. So to make sure everything is working properly, you can type this command:


apachectl configtest

Once all is right, restart Apache with SSL support:


apachectl stop

And after that


apachectl start



In case Apache does not start with SSL support, use “apachectl startssl” instead.
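
Before the restart above, it also helps to check the files the VirtualHost points at: the private key should sit outside DocumentRoot, be readable only by its owner, and belong to the certificate. The following is an added example, not part of the original article; the script name is hypothetical, and it assumes GNU stat and the openssl command-line tool, as found on CentOS 7.

```shell
#!/bin/sh
# Added example: check the files an SSL VirtualHost refers to.
# Usage: sh check_vhost_tls.sh /path/to/vhost.conf   (hypothetical script name)

# directive CONF NAME -> value of the first "NAME value" line in CONF
directive() {
    awk -v d="$2" '$1 == d { gsub(/"/, "", $2); print $2; exit }' "$1" 2>/dev/null
}

# True only if the certificate and the private key hold the same public key.
key_matches_cert() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

check_vhost_tls() {
    rc=0
    cert=$(directive "$1" SSLCertificateFile)
    key=$(directive "$1" SSLCertificateKeyFile)
    root=$(directive "$1" DocumentRoot)
    if [ ! -f "$cert" ] || [ ! -f "$key" ]; then
        echo "FAIL: certificate or key file not found"
        return 1
    fi
    # A key below DocumentRoot could be fetched by any visitor.
    if [ -n "$root" ]; then
        case $key in
            "$root"/*) echo "FAIL: key is inside DocumentRoot"; rc=1 ;;
        esac
    fi
    # No group or world permission bits on the key file.
    mode=$(stat -c %a "$key")
    case $mode in
        ?00) ;;
        *) echo "FAIL: key mode $mode, expected 600 or 400"; rc=1 ;;
    esac
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: key does not match certificate"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key"
    return "$rc"
}

if [ $# -gt 0 ]; then check_vhost_tls "$1"; fi
```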


Summary


SSL is required to secure traffic on your website, especially if it is used for transaction processing. COMODO SSL and Let's Encrypt are two providers that allow you to install SSL certificates on CentOS 7. Although installing either of these certificates can be difficult, it is well worth it. Let's make your website more secure.





Author






Hai G. is an expert in managing and operating website services. He has many years of experience in VPS, Hosting, technical SEO, and CMS. He especially loves WordPress and has been using it for over 5 years now. His hobbies are reading, blogging, traveling and mentoring young people to start a business.





Nguyen Manh Cuong is the author and founder of the vmwareplayerfree blog. With over 14 years of experience in Online Marketing, he now runs a number of successful websites, and occasionally shares his experience & knowledge on this blog.