In this guide, you will learn how to install an SSL Certificate on CentOS. Since no SSL installation goes without a certificate signing request, we’ve also included step by step instructions on how to generate a CSR code in CentOS. For the most curious minds, we’ve added a historical overview of CentOS. And, if you don’t know where to buy an SSL Certificate for CentOS, stick till the end to find the best place and search tools for your ideal certificate.

How to generate a CSR code in CentOS?

When applying for an SSL Certificate, you need to generate a CSR (Certificate Signing Request) and send it to the Certificate Authority. The CSR is a block of text that includes up to date information about your website or organization, as well as the public key. You can generate the CSR straight from your server. Please follow the instructions below:

  1. Log into your server using the secure shell (SSH)
  2. Type the following command at the prompt:
    openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
  3. Make sure you replace mydomain with your actual domain name. For example, if your domain name is, you must enter example.key and example.csr
  4. Next, you need to submit details about your organization to the CA
    • Country Name – Use the two-letter abbreviation for the country where your organization is officially registered. For example, if it is registered in the United States, enter “US”, if in the United Kingdom, type “UK”
    • State or Provence – Enter the full name of the state or province where your organization is registered
    • City or Locality –Enter the full name of the city where your organization is located
    • Organization Name – If you’re applying for a Business Validation or Extended Validation certificate, enter your company’s legal name. If you’re applying for a Domain Validation certificate, use your full name instead
    • Organizational Unit Name – Here you can enter your DBA (doing as business) name if applicable. Alternatively, you can specify the department that manages the SSL certificates. For example, “IT” or “Web Administration”
    • Common Name – Enter the fully qualified domain name (FQDN) you want to secure. (e.g.

      Note: If you’re applying for a Wildcard SSL certificate, you must add an asterisk in front of your domain name. For example, * Do not include “https” or any other characters in this field.

    • Email address – Enter a valid email address as a means of contact for your domain
    • Password – This field is optional. You may further secure your SSL certificate with a password, or you can leave this field blank.

Your CSR code is ready! You can find it in your working directory with the “ls” command. The two new files are yourdomainname.csr, and yourdomainame.key.

The .csr file contains the certificate signing request that you’ll need to submit to the Certificate Authority when ordering your SSL Certificate. Next, we’re going to install an SSL certificate on CentOS.

Install an SSL certificate on CentOS 7 & 6.

  1. Download the primary and intermediate certificates that you’ve obtained from your SSL provider
  2. Copy your SSL files to your Apache server. Make sure the .key file that you created along the CSR generation is also present on your server
  3. Now, you need to locate and edit the httpd.conf or ssl.conf file in the Apache configuration. Uses the “cp” and “nano” commands:
    # cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.BAK
    # nano /etc/httpd/conf.d/ssl.conf
  4. If one or more files are commented out, remove the # character from the starting line, and enter the absolute path according to your Apache version
    Apache versions older than the 2.4.8 release have the following directives and path:

    • SSLCertificateFile – The path of your certificate file
    • SSLCertificateKeyFile – The path of your key file
    • SSLCertificateChainFile – The intermediate bundle path.

    Apache version 2.4.8 and higher have the following directives and path:

    • SSLCertificateFile – The path of your certificate file
    • SSLCertificateKeyFile – The path of your key file
    • SSLCertificatePath – The intermediate bundle path.
      Here’s an example of your certificates’ absolute file path. You can copy-paste the code below, but make sure to specify the correct names of your files.
      SSLCertificateFile /etc/httpd/conf/ssl.crt/your_leaf_certificate.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your_domain_name.key SSLCACertificatePath /etc/httpd/conf/ssl.chain/your_intermediate_chain.crt

      Note: Remember to change the permission of the certificate key file:
      # chmod 400 /etc/httpd/conf/ssl.key/

  5. Save your configuration and restart Apache to complete the SSL installation.

Install an SSL certificate on CentOS 8

  1. Ensure that mod_ssl is installed on your system. You can check this via the following
    command: rpm -qa | grep mod_ssl
  2. If it’s not, install it with dnf install mod_ssl
  3. Create the chain of your SSL certificate. It must include the private key, as well as the root, intermediate and server certificates. cat pub-key.pem ca-chain.pem > full-chain.pem
  4. Place the PEM file with the SSL chain in the following directory on your Apache server: /etc/pki/tls/certs
  5. Place the private key in the /etc/pki/tls/private/ folder.
  6. Secure your private key by making it inaccessible to other users: chmod -R 600 /etc/pki/tls/private/
  7. In the configuration file for your domain (with .conf extension), insert the following block of code: Replace with your actual domain name.
    <VirtualHost *:443>
    SSLEngine on
    # The path to the complete chain of your SSL certificate
    SSLCertificateFile /etc/pki/tls/certs/full-chain.pem
    # The path to the private key
    SSLCertificateKeyFile /etc/pki/tls/private/privkey.pem
    # The path to the content of your website.
    <Directory /var/www/>
    AllowOverride All
    # The path to the content of your website
    DocumentRoot /var/www/
    # Domain name of your website
  8. If you don’t have a configuration file, create it via nano /etc/httpd/conf.d/yourdomain.conf and place it in the /etc/httpd/conf.d/ directory.
  9. Add HTTPS redirects to your .conf file:
    <VirtualHost *:80>
    Redirect "/" ""
  10. Save the changes and close the file.
  11. Restart Apache: systemctl restart httpd

CentOS History and Versions

CentOS stands for Community Enterprise Operating System, a Linux distribution that offers a free, enterprise computing platform to desktop computers, and servers. The first CentOS version, released on May 14, 2014 was forked from Red Hat Enterprise Linux (RHEL) version 2.1AS. CentOS stayed with RHEL until January 2014, when it officially joined Red Hat and became independent from RHEL.

The latest versions of CentOS, officially support only the x86-64 architecture; however, AltArch releases also include IA-32 architecture. Listed below are all the major CentOS releases:

  • CentOS 2.1 – released on 14 May 2004. Supports IA-31 architecture.
  • CentOS 3.1 – released on 19 March 2004. Supports IA-32, x86-64, IA-64, s390, s390x architectures.
  • CentOS 4 – released on 9 March 2005. Supports IA-32, x86-64, and various architectures.
  • CentOS 5 – released on 12 April 2007. Supports IA-32, x86-64 architectures.
  • CentOS 6 – released on 10 July 2011. Supports IA-32, x86-64 architectures.
  • CentOS 7 – released on 7 July 2014. Supports x86-64 architectures.
  • CentOS 8 – released on 24 September 2019. Supports x86-64 architectures.

Where to buy an SSL Certificate for CentOS?

The best place to buy an SSL Certificate for your CentOS server is from a reputable SSL reseller such as SSL Dragon. Our prices are the lowest on the market, but there are even more benefits. We offer regular discounts and great deals on all our SSL products, and above all, stellar customer support.

All our certificates are compatible with CentOS, and you can always use our helping tools such as SSL Wizard and Advanced Certificate Filter to find the perfect SSL product for your project. We offer the following types of certificates:

  • Domain Validation
  • Business Validation
  • Extended Validation
  • Wildcard
  • Multi-Domain
  • Code Signing
  • IP Address
  • Email/Documents

SSL Dragon takes care of your sensitive data security, so your website or business can thrive online!

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.

Last updated on September 12, 2022