How to configure the SSL certificate in Apache Web Server

This article explains how to configure the SSL certificate in Apache Web Server. SSL Stands for Secure Sockets Layer Used for websites to securely transfer data over the Internet or over the network. In today’s world, the internet has become mandatory for all tasks such as banking, shopping, payments of all kinds and so on. To do all of these tasks, we need to enter our confidential information such as credit / debit card numbers, bank account number, username, password, etc.

Thanks to the SSL certificate, our confidential data can be transmitted in encrypted format over the Internet, so that no one can hack, understand and steal our data. Without SSL, the data is transmitted over the Internet in a plain text format and anyone can hack and abuse our data.

How to configure the SSL certificate in Apache Web Server

So let’s look at the steps to configure SSL in Apache Web Server.

Follow these steps to configure the SSL certificate in Apache Web Server:

Preparation before Apache SSL configuration:

Before SSL configuration for Apache VirtualHost we need to install and configure Apache Web Server and add a VirtualHost as an example. So follow the steps below to do the same.

Install the Apache package with the following command:

# yum -y install httpd
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirror.fibergrid.in
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package httpd.i386 0:2.2.3-92.el5.centos set to be updated
addons/filelists_db                                      |  574 B     00:00     
base/filelists                                           | 3.1 MB     00:26     
extras/filelists_db                                      | 212 kB     00:01     
updates/filelists_db                                     | 5.0 MB     00:43     
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================
 Package       Arch         Version                       Repository       Size
================================================================================
Installing:
 httpd         i386         2.2.3-92.el5.centos           updates         1.2 M

Transaction Summary
================================================================================
Install       1 Package(s)
Upgrade       0 Package(s)

Total download size: 1.2 M
Downloading Packages:
httpd-2.2.3-92.el5.centos.i386.rpm                       | 1.2 MB     00:10     
warning: rpmts_HdrFromFdno: Header V3 DSA signature: NOKEY, key ID e8562897
updates/gpgkey                                           | 1.5 kB     00:00     
Importing GPG key 0xE8562897 "CentOS-5 Key (CentOS 5 Official Signing Key) " from /etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-5
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Installing     : httpd                                                    1/1 

Installed:
  httpd.i386 0:2.2.3-92.el5.centos                                              

Complete!
[[email protected] ~]# 

With the following command we can check if httpd is installed or not

   
# rpm -qa | grep httpd
httpd-2.2.3-92.el5.centos

Now we have to add a VirtualHost. To do this, follow the steps below.

Before changes in the main Apache configuration file (httpd.conf) Make a backup with the following command.

   
# cd /etc/httpd/conf
# cp httpd.conf httpd.conf.backup
# ls
httpd.conf  httpd.conf.backup  magic

Now edit the httpd.conf Follow the steps below to get to the end of the configuration file

# nano /etc/httpd/conf/httpd.conf

Now add the following lines to add a VirtualHost

How to configure the SSL certificate in Apache Web Server

Create VirtualHost in Apache Web Server

192.168.0.107 is the IP address of the Apache web server and the port 80 is the default setting for WWE.

As we can see on VirtualHost above, we mentioned Root document Path, i.e. /var/www/html/itsmarttricks.comSo we have to create a directory itsmarttricks.com and copy our website documents on this path.

At the moment we can create a sample file index.html as a website document and text like Welcome to itsmarttricks (According to my scenario) edit the following steps by editing them:

# mkdir /var/www/html/itsmarttricks.com
# nano /var/www/html/itsmarttricks.com/index.html
# ls -l /var/www/html/itsmarttricks.com/
total 4
-rw-r--r-- 1 root root 22 Dec 11 20:21 index.html

How to configure the SSL certificate in Apache Web Server

Create a sample HTML file

Now check the httpd.conf whether everything is configured perfectly with the following command.

# httpd -t
Syntax OK

As we can see above, everything looks fine. So let’s start the Apache server and start it with the following command.

# /etc/init.d/httpd start
Starting httpd:                                            [  OK  ]
# chkconfig --level 35 httpd on
# chkconfig --list httpd
   httpd           0:off   1:off   2:off   3:on    4:off   5:on    6:off

Test it now by typing http: // localhost in the browser.

How to configure the SSL certificate in Apache Web Server

Check VirtualHost in the web browser

OR If you want to access using the domain name mentioned in VirtualHost, i. H. itsmarttricks.comyou have to configure BIND DNS Server OR simply enter it / etc / hosts File as shown below.

Simply edit the / etc / hosts file with the command Nano / etc / hosts and enter the line as highlighted in the snapshot below.

How to configure the SSL certificate in Apache Web Server

Configure the host file

As we can see above, our website is now opened as http: // localhost. This means that it is not now configured with SSL. Configure this VirtualHost to work over https. So follow the steps below.

Step: 1 Install the required packages

We need to install two packages to configure SSL for Apache VirtualHost, i.e. H.

1. openssl
Second mod_ssl

So let’s install the required packages with the following command.

# yum -y install openssl mod_ssl
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
 * addons: mirror.fibergrid.in
 * base: mirror.fibergrid.in
 * extras: mirror.fibergrid.in
 * updates: mirror.fibergrid.in
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package mod_ssl.i386 1:2.2.3-92.el5.centos set to be updated
--> Processing Dependency: libdistcache.so.1 for package: mod_ssl
--> Processing Dependency: libnal.so.1 for package: mod_ssl
---> Package openssl.i686 0:0.9.8e-40.el5_11 set to be updated
--> Running transaction check
---> Package distcache.i386 0:1.4.5-14.1 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

================================================================================================================
 Package                  Arch                Version                              Repository              Size
================================================================================================================
Installing:
 mod_ssl                  i386                1:2.2.3-92.el5.centos                updates                 98 k
Updating:
 openssl                  i686                0.9.8e-40.el5_11                     updates                1.7 M
Installing for dependencies:
 distcache                i386                1.4.5-14.1                           base                   119 k

Transaction Summary
================================================================================================================
Install       2 Package(s)
Upgrade       1 Package(s)

Total download size: 1.9 M
Downloading Packages:
(1/3): mod_ssl-2.2.3-92.el5.centos.i386.rpm                                              |  98 kB     00:03     
(2/3): distcache-1.4.5-14.1.i386.rpm                                                     | 119 kB     00:01     
(3/3): openssl-0.9.8e-40.el5_11.i686.rpm                                                 | 1.7 MB     00:14     
----------------------------------------------------------------------------------------------------------------
Total                                                                            58 kB/s | 1.9 MB     00:33     
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
  Updating       : openssl                                                                                  1/4 
  Installing     : distcache                                                                                2/4 
  Installing     : mod_ssl                                                                                  3/4 
  Cleanup        : openssl                                                                                  4/4 

Installed:
  mod_ssl.i386 1:2.2.3-92.el5.centos                                                                            

Dependency Installed:
  distcache.i386 0:1.4.5-14.1                                                                                   

Updated:
  openssl.i686 0:0.9.8e-40.el5_11                                                                               

Complete!
[[email protected] ~]# 

Step: 2 Generate a self-signed certificate

Now let’s create a self-signed certificate so that our VirtualHost works as SSL. So follow the steps below:

1. Generate a private key with the following command:

# openssl genrsa -out itsmarttricks.key 2048
Generating RSA private key, 2048 bit long modulus
............+++
.........................................+++
e is 65537 (0x10001)

2. Generate CSR, i.e. H. Certificate signing requirement:

# openssl req -new -key itsmarttricks.key -out itsmarttricks.csr
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:IN
State or Province Name (full name) [Berkshire]:Maharashtra
Locality Name (eg, city) [Newbury]:Mumbai
Organization Name (eg, company) [My Company Ltd]:itsmarttricks
Organizational Unit Name (eg, section) []:Linux Education
Common Name (eg, your name or your server's hostname) []:itsmarttricks.com
Email Address []:[email protected]

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:
An optional company name []:
[[email protected] ~]# 

3. Generate a self-signed certificate:

# openssl x509 -req -days 1095 -in itsmarttricks.csr -signkey itsmarttricks.key -out itsmarttricks.crt
Signature ok
subject=/C=IN/ST=Maharashtra/L=Mumbai/O=itsmarttricks/OU=Linux Education/CN=itsmarttricks.com/[email protected]
Getting Private key

That is why we have generated all the necessary certificates as shown below.

   
# ls
   anaconda-ks.cfg  Desktop  itsmarttricks.crt  itsmarttricks.csr  itsmarttricks.key  install.log  install.log.syslog

Step: 3 Copy the certificates to the required location

Now we have to copy all the certificates created to the required location.

Copy the itsmarttricks.crt file to / etc / pki / tls / cert

# cp itsmarttricks.crt /etc/pki/tls/certs/
# ls /etc/pki/tls/certs/
ca-bundle.crt  itsmarttricks.crt  localhost.crt  make-dummy-cert  Makefile

Copy the itsmarttricks.key file to / etc / pki / tls / private

# cp itsmarttricks.key /etc/pki/tls/private/
# ls
anaconda-ks.cfg  Desktop  itsmarttricks.crt  itsmarttricks.csr  itsmarttricks.key  install.log  install.log.syslog

Copy the itsmarttricks.csr file to / etc / pki / tls / private

# cp itsmarttricks.csr /etc/pki/tls/private/
# ls /etc/pki/tls/private/
itsmarttricks.csr  itsmarttricks.key  localhost.key

Step: 4 Configure ssl.conf

As we can see above, we have copied all certificates into the required directories. Now we configure it ssl.conf File as shown below.

Edit the /etc/httpd/conf.d/ssl.conf file as shown below

# nano /etc/httpd/conf.d/ssl.conf

now looking for SSLCertificateFile and then mention the path of the SSL certificate file before the path created above, i.e. itsmarttricks.crt

After mentioning the path, the line should look like this:

SSLCertificateFile /etc/pki/tls/certs/itsmarttricks.crt

now looking for SSLCertificateKeyFile and then mention the path of the SSL certificate key file before the path created above, i.e. itsmarttricks.key

After mentioning the path, the line should look like this:

SSLCertificateKeyFile /etc/pki/tls/private/itsmarttricks.key

How to configure the SSL certificate in Apache Web Server

ssl.conf file after configuration

As shown in the snapshot above, changes in are required ssl.conf Configuration file with blue color.

Step: 5 SSL configuration for VirtualHost

Now we need to make changes to our VirtualHost as shown below:

Before we added VirtualHost for port 80 in this tutorial above, we need to make changes to this configuration now. To work for https, follow the steps below.

VirtualHost Configured for port 80 as shown below:

How to configure the SSL certificate in Apache Web Server

VirtualHost configured with port 80

We need to make changes to the above configuration for https is:

Replace the port 80 With 443 as the port number of SSL 443 and then add the lines below # How to enable SSL support for this VirtualHostSSLEngine on# Path of the SSL certificate file SSLCertificateFile /etc/pki/tls/certs/itsmarttricks.crt# Path of the SSL certificate key file
SSLCertificateKeyFile /etc/pki/tls/private/itsmarttricks.key After complete changes, the VirtualHost should look like the following snapshot and all changes are highlighted in blue.

How to configure the SSL certificate in Apache Web Server

VirtualHost after SSL configuration

Now restart the Apache service with the following command.

# /etc/init.d/httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]

We have completed our configuration part. Now it’s time to test it. Simply open the web browser and type https: //In our case it is https://192.168.0.107 as shown in the snapshot below.

How to configure the SSL certificate in Apache Web Server

Test website with https

Note : An exception error may have been found in the Firefox web browser. Just click Add exception and accept the certificate manually. Then you can access https site in Firefox. Follow the same step for Google Chrome too.

Read Also – Configure Basic Authentication in Apache Web Server

That’s all. In this article we explained how to configure the SSL certificate in Apache Web server, I hope you like this article. If you like this article, just share it. If you have any questions about this article, please comment.

Sidebar