In this article, we will show you how to install an SSL certificate on Red Hat Linux (RHEL) Apache server. You will also learn how to generate a CSR code on RHEL – a necessary step for your SSL certificate activation. In part three, you will discover a few interesting facts about the Red Hat, while in the final section of this article, we will give you useful tips on where to buy the best SSL certificate for your Red Hat Linux. If you’ve already generated the CSR, you can skip the next section.
Generate the CSR on Red Hat Linux
The Certificate Signing Request, or simply CSR, is a small text file containing information about your domain ownership and/or company. Generating CSR is an integral part of the SSL buying process. All commercial Certificate Authorities require SSL applicants to complete this step. Here’s how you can create your CSR on Red Hat Linux:
- To generate the CSR, you need the Open SSL utility. It should come pre-installed in your system, but if you don’t have it, run the following command:
$ sudo yum install openssl
- Next, type the following command to generate your CSR and private key:
Note: replace the example.com with your actual domain name.
$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
- Now, enter the following information into the CSR. Please, use only alphanumeric characters when entering your details
- Country Name: enter the two-letter code of your country.
- State or Province Name: type the full name of the state or region where your company is registered
- Locality Name: specify the name of the city or town where your business is located
- Organization Name: enter the officially registered name of your company. For instance, GPI Holding LLC. For Domain Validation certificates, you can put in NA instead
- Organization Unit Name: it’s usually IT or Web Administration. You can sue NA for DV certificates
- Common Name: enter the Fully Qualified Domain Name (FQDN) you want to secure. For example, yourdomain.com. If you want to install a wildcard certificate, add an asterisk in front of your domain name (e.g. *.yourdomain.com)
- Email Address: provide a valid email address
- A challenge password: leave blank
- An Optional Company Name: leave blank
The OpenSSL utility will instantly create two files:
- .key containing your private key (you will need it later during SSL installation)
- .csr containing your CSR code (you will need it when applying for your SSL certificate)
Open the yourdomain.csr file with a text editor of your choice, and copy-paste its content including the —–BEGIN CERTIFICATE REQUEST—– and footer —–END CERTIFICATE REQUEST—– tags during your order process with your SSL vendor.
Install an SSL certificate on Red Hat Linux
Your Certificate Authority will provide the necessary installation files via email. You need to download the zip folder and extract its contents to your server/desktop. Follow the steps below to complete the SSL installation:
1.Open your primary SSL certificate file with a text editor of your choice and copy the entire content including the Begin Certificate and End Certificate tags, and paste it into a new file. Name it yourdomain.crt.
2. Next, copy the yourdomain.crt file into your server directory where you’ll store the SSL certificates. For example, /yourdomain/httpd/conf/ssl.crt/. Therefore, you should store your your certificate files in the following locations:
- /yourdomain/httpd/conf/ssl.crt/ – You need to store all the certificates here.
- /yourdomain/httpd/conf/ssl.key/ – You need to store the private keys here.
- /yourdomain/httpd/conf/ca-bundle/ – All the bundle files should go here.
3. Now, you can install your SSL certificate. In the Virtual Host settings for your site, in the httpd.conf file, you will need to add the following:
- Copy the PEM formatted Bundled CA file onto the directory location of all your CA-Bundle files. Example, /etc/httpd/conf/ssl.crt/.
- Open your httpd.conf file with any text editor.
- Add the following line to the SSL section of the httpd.conf SSLCACertificateFile /yourdomain/httpd/conf/ssl.crt/ca-chain-pem.txt
4. The updated SSL section of httpd.conf file should look like the example below:
- SSLCertificateFile /yourdomain/httpd/conf/ssl.crt/server.crt
- SSLCertificateKeyFile /yourdomain/httpd/conf/ssl.key/server.key
- SSLCACertificateFile / yourdomain /httpd/conf/ssl.crt/ca-chain-pem.txt
5. Save the httpd.conf file and restart your Apache server
Congrats, you’ve successfully installed your SSL certificate. You can use one of these excellent SSL tools to check the status of your installation. The instant scans will discover any potential errors and vulnerabilities that may affect the certificate performance.
Red Hat history
Red Hat, Inc. is an American multinational software company that offers open-source software products to enterprises. Founded in 1993, Red Hat became a subsidiary of IBM on July 9, 2019.
Red Hat Enterprise Linux (RHEL) is a Linux distribution developed by Red Hat for the commercial market. First released in 2000, RHEL is available for the following platforms: x86-64; ARM64; IBM Z; IBM Power System. The latest release of RHEL at the time of writing this guide is 8.3.
Where to buy the best SSL certificate for Red Hat Linux?
The best place to get an SSL Certificate for Red Hat Linux is from SSL Dragon. We offer unbeatable prices and discounts on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to equip your website with bulletproof protection. All our SSL certificates are compatible with Red Hat Linux. Here are the types of SSL certificates we sell:
- Domain Validation
- Business Validation
- Extended Validation
- Code Signing
- IP Address
To help you choose the perfect SSL certificate, we developed two exclusive SSL tools. Our SSL Wizard needs just a couple of seconds to find the best SSL deal for your website, while the Advanced Certificate Filter lets you sort and compare various SSL certificates by price, validation, and features.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected] Your input would be greatly appreciated! Thank you.