How to install Apache SSL certificate on CentOS 7 Linux

In this tutorial, we demonstrate how to install an SSL certificate for Apache on CentOS 7 Linux.

As you may know, having an SSL certificate for a website is mandatory today and has a significant impact on your SEO rank.

Also, with an SSL certificate, your users place more trust in your website.

Here is our environment:

OS: CentOS 7 Linux on VMware
Firewall: firewalld
SELinux: enforcing
IP Address: 192.168.147.128

1- Install Apache

First, we install Apache and mod_ssl from the base repository:

# yum install httpd mod_ssl

2- Generate certificate

We need a directory to keep the certificate files, so first create it:

# mkdir -p /etc/httpd/cert/

Then issue the following command to generate a self-signed certificate and its private key:

# openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/cert/private.key -out /etc/httpd/cert/certificate.crt

The command prompts for the certificate's subject fields:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:server_IP_address
Email Address []:admin@your_domain.com

3- Configure SSL

Now we create a file named ssl.conf under the conf.d directory and put the following content in it:

# vim /etc/httpd/conf.d/ssl.conf

Listen 443 https
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
Mutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol -all +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLSessionTickets Off
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateFile /etc/httpd/cert/certificate.crt
SSLCertificateKeyFile /etc/httpd/cert/private.key
#SSLCACertificateFile /etc/httpd/cert/ssl/ca-bundle.cer
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
</Files>
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
</Directory>
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
DocumentRoot /var/www/html
ServerName 192.168.147.128
</VirtualHost>

Note: remember to replace “ServerName 192.168.147.128” with your own IP address.
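The SSLProtocol and SSLCipherSuite lines above still enable TLS 1.1, which is formally deprecated, and 3DES, a 64-bit block cipher. The script below is an added example, not part of the original tutorial, that flags such settings in a mod_ssl config file. The function name audit_ssl_conf, the expansion assumed for "all", and the hardened sample values are assumptions of this example.

```shell
#!/bin/sh
# Added example: flag legacy protocols and ciphers in a mod_ssl config file.

audit_ssl_conf() {   # $1 = config file; prints one finding per line
    awk '
    /^[ \t]*#/ { next }                       # ignore commented-out directives
    tolower($1) == "sslprotocol" {
        for (i = 2; i <= NF; i++) {
            t = tolower($i); op = substr(t, 1, 1)
            if (op == "+" || op == "-") t = substr(t, 2)
            else op = "="
            if (op == "=") split("", enabled)     # bare name replaces the set
            if (t == "all") {                     # assumed expansion of "all"
                if (op == "-") split("", enabled)
                else { enabled["sslv3"] = 1; enabled["tlsv1"] = 1
                       enabled["tlsv1.1"] = 1; enabled["tlsv1.2"] = 1 }
            } else if (op == "-") delete enabled[t]
            else enabled[t] = 1
        }
    }
    tolower($1) == "sslciphersuite" {
        s = $NF; gsub(/"/, "", s)                 # cipher string is the last field
        n = split(s, c, ":")
        for (i = 1; i <= n; i++)                  # !, - and + entries add nothing
            if (c[i] !~ /^[!+-]/ && toupper(c[i]) ~ /3DES|RC4|MD5|NULL|EXP|LOW/)
                print "WEAK_CIPHER " c[i]
    }
    END {
        m = split("sslv3 tlsv1 tlsv1.1", weak, " ")
        for (i = 1; i <= m; i++)
            if (weak[i] in enabled) print "WEAK_PROTOCOL " weak[i]
    }' "$1"
}

page_conf=$(mktemp); hardened_conf=$(mktemp)
trap 'rm -f "$page_conf" "$hardened_conf"' EXIT

# Constructed sample 1: the two directives as set in the tutorial config.
printf '%s\n' 'SSLProtocol -all +TLSv1.1 +TLSv1.2' \
              'SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA' > "$page_conf"
# Constructed sample 2: an assumed hardened variant (TLS 1.2 only, 3DES excluded).
printf '%s\n' 'SSLProtocol -all +TLSv1.2' \
              'SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA' > "$hardened_conf"

echo "tutorial settings:"; audit_ssl_conf "$page_conf"
echo "hardened settings:"; audit_ssl_conf "$hardened_conf"
```

On a real server, run `audit_ssl_conf /etc/httpd/conf.d/ssl.conf`; no output means neither check fired.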

4- Start Service

Finally, we start the Apache service and enable it at boot:

# systemctl start httpd
# systemctl enable httpd

5- Configure firewall

We must open ports 80 and 443, so run these commands:

# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload

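Finally, open https://your_server_ip_address in your favorite browser. Because the certificate generated above is self-signed, the browser will show a certificate warning until you trust it explicitly.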