In this guide, you will learn how to install an SSL Certificate on CentOS. If you don’t know where to buy an SSL Certificate for CentOS, please read until the end to discover the best SSL shop, and search tools for the optimal certificate.
Table of contents
- Generate a CSR code
- How to Install an SSL Certificate on CentOS 8
- How to Install an SSL Certificate on CentOS 7 & 6
- Where to Buy an SSL Certificate for CentOS?
We also recorded a video that walks you through the entire process of installing an SSL certificate on CentOS:
If you prefer the text version of the tutorial, keep reading below:
Generate a CSR code
When applying for an SSL Certificate, you need to generate a CSR (Certificate Signing Request) and send it to the Certificate Authority. The CSR is a block of text that includes up to date information about your website or organization, as well as the public key.
You have two options:
- Generate the CSR automatically using our CSR Generator.
- Follow our step-by-step tutorial on how to create a CSR on CentOS.
How to Install an SSL Certificate on CentOS 8
Step 1: Ensure that mod_ssl is installed on your system
You can check this via the following command:
rpm -qa | grep mod_ssl
If it’s not, install it with
dnf install mod_ssl
Step 2: Create the chain of your SSL certificate
It must include the private key, as well as the root, intermediate and server certificates.
cat pub-key.pem ca-chain.pem > full-chain.pem
Place the PEM file with the SSL chain in the following directory on your Apache server: /etc/pki/tls/certs
Place the private key in the /etc/pki/tls/private/ folder.
Secure your private key by making it inaccessible to other users:
chmod -R 600 /etc/pki/tls/private/
Step 3: Configure the Virtual Host block
In the configuration file for your domain (with .conf extension), insert the following block of code:
SSLEngine on
# The path to the complete chain of your SSL certificate
SSLCertificateFile /etc/pki/tls/certs/full-chain.pem
# The path to the private key
SSLCertificateKeyFile /etc/pki/tls/private/privkey.pem
# The path to the content of your website.
AllowOverride All
# The path to the content of your website
DocumentRoot /var/www/yourdomain.com
# Domain name of your website
ServerName yourdomain.com
ServerAlias yourdomain.com
Replace yourdomain.com with your actual domain name.
If you don’t have a configuration file, create it via
nano /etc/httpd/conf.d/yourdomain.conf
and place it in the /etc/httpd/conf.d/ directory.
Add HTTPS redirects to your .conf file:
ServerName yourdomain.com
ServerAlias www.yourdomain.com
Redirect "/" "https://yourdomain.com/"
Step 4: Save the changes and close the file
Step 5: Restart Apache:
systemctl restart httpd
How to Install an SSL Certificate in CentOS 7 & 6
Step 1: Download the certificates
Download the primary and intermediate certificates that you’ve obtained from your SSL provider
Step 2: Copy your SSL files to your Apache server
Make sure the .key file that you created along the CSR generation is also present on your server
Step 3: Locate and edit the httpd.conf or ssl.conf file in the Apache configuration
Uses the cp and nano commands:
# cp /etc/httpd/conf.d/ssl.conf /etc/httpd/conf.d/ssl.conf.BAK
# nano /etc/httpd/conf.d/ssl.conf
If one or more files are commented out, remove the # character from the starting line, and enter the absolute path according to your Apache version.
For Apache versions older than the 2.4.8 release have the following directives and path:
- SSLCertificateFile – The path of your certificate file
- SSLCertificateKeyFile – The path of your key file
- SSLCertificateChainFile – The intermediate bundle path.
For Apache version 2.4.8 and higher have the following directives and path:
- SSLCertificateFile – The path of your certificate file
- SSLCertificateKeyFile – The path of your key file
- SSLCertificatePath – The intermediate bundle path.
Here’s an example of your certificates’ absolute file path. You can copy-paste the code below, but make sure to specify the correct names of your files.
SSLCertificateFile /etc/httpd/conf/ssl.crt/your_leaf_certificate.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/your_domain_name.key
SSLCACertificatePath /etc/httpd/conf/ssl.chain/your_intermediate_chain.crt
Note: Remember to change the permission of the certificate key file:
# chmod 400 /etc/httpd/conf/ssl.key/your_domain_name.com.key
Step 4: Restart the Apache
Save your configuration and restart Apache to complete the SSL installation.
Where to Buy an SSL Certificate for CentOS?
The best place to buy an SSL Certificate for your CentOS server is from a reputable SSL reseller such as SSL Dragon. Our prices are the lowest on the market, but there are even more benefits. We offer regular discounts and great deals on all our SSL products, and above all, stellar customer support. All our certificates are compatible with CentOS.
SSL Dragon takes care of your sensitive data security, so your website or business can thrive online!
Frequently Asked Questions
To check the SSL certificate on CentOS, use the following OpenSSL command:
openssl x509 -text -in certificate.crt -noout
Copy Link
By default, the SSL certificates on CentOS are stored in the /etc/pki/tls/certs/ directory. The private keys reside in /etc/pki/tls/private/ directory.
Copy Link
Open SSL comes pre-installed in all Linux distributions, including CentOS. Learn more about OpenSSL and its command lines.
Copy Link
Save 10% on SSL Certificates when ordering today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10