Introduction
Secure Socket Layer (SSL) certificates ensure that data between the server and client browsers remains private. This guide will walk you through the process of setting up an SSL certificate on an Apache server for both CentOS/RHEL and Ubuntu systems.
Prerequisites
-
A CentOS/RHEL or Ubuntu-based system.
-
Root or sudo access to the server.
-
An SSL certificate and private key.
Step-by-Step Guide
1. Copy the Certificate Files to Your Server
Before you begin the installation process, you'll need to have your SSL Certificate and Private Key ready. These files are typically provided by your SSL provider.
-
Action: Download your SSL Certificate and Private Key from your SSL provider.
-
Action: Transfer them to your server.
For CentOS/RHEL:
Create a directory for SSL files
mkdir -p /etc/ssl/private
For Ubuntu:
Create a directory for SSL files
sudo mkdir -p /etc/apache2/ssl
-
Note: Ensure these files are secure. They should be readable by root only.
2. Install Mod SSL and Apache
-
For CentOS/RHEL:
yum -y install httpd mod_ssl
sudo systemctl enable httpd.service
systemctl start httpd.service
-
For Ubuntu:
sudo apt update
sudo apt install apache2
sudo a2enmod ssl
sudo systemctl restart apache2
3. Set Up the Certificate
For CentOS/RHEL:
- Navigate to /etc/ssl/private and set permissions:
chmod 700 /etc/ssl/private
- Open the SSL configuration file:
sudo vi /etc/httpd/conf.d/ssl.conf
- Set Up the Certificate
Once you've placed your certificate and private key in the appropriate directory, you'll need to configure Apache to use them.
Action: Locate and modify the following lines to point to your certificate and private key files:
SSLCertificateFile /etc/ssl/private/your_domain_name.crt
SSLCertificateKeyFile /etc/ssl/private/your_private_key.key
Note: Replace "your_domain_name.crt" with the name of your certificate file and "your_private_key.key" with the name of your private key file.
For Ubuntu:
- Navigate to /etc/apache2/ssl and set permissions:
sudo chmod 700 /etc/apache2/ssl
- Open the default SSL configuration file:
sudo nano /etc/apache2/sites-available/default-ssl.conf
For both systems, locate and modify the lines to point to your certificate and private key files.
Modify the Directives:
Replace the paths with the paths to your actual certificate and private key:
SSLCertificateFile /etc/apache2/ssl/your_domain_name.crt
SSLCertificateKeyFile /etc/apache2/ssl/your_private_key.key
Save and Close:
After making the changes, save and close the file.
Enable the Default SSL Site:
If it's not already enabled, you can enable the default SSL site using:
sudo a2ensite default-ssl
Reload Apache:
Finally, to apply the changes, reload Apache:
sudo systemctl reload apache2
This will ensure that Apache uses the specified SSL certificate and private key for secure connections.
4. Redirect to HTTPS
For CentOS/RHEL:
-
Open the main Apache configuration file:
sudo vi /etc/httpd/conf/httpd.conf
For Ubuntu:
-
Open the default Apache configuration file:
sudo nano /etc/apache2/sites-available/000-default.conf
For both systems, add the following lines to redirect traffic:
ServerName www.yourdomain.com
Redirect "/" "https://www.yourdomain.com/"
Replace www.yourdomain.com with your actual domain name.
5. Test and Restart Apache
For CentOS/RHEL:
apachectl configtest
systemctl restart httpd
For Ubuntu:
sudo apache2ctl configtest
sudo systemctl restart apache2
Conclusion
Your Apache server, whether on CentOS/RHEL or Ubuntu, is now configured to use SSL, ensuring secure connections for your visitors. Always remember to renew your SSL certificate before it expires to maintain a secure environment.