How to install Apache SSL certificate on CentOS 7 Linux

In today Tutorial, we want to demonstrate how to install Apache SSL certificate on CentOS 7 Linux.

as you may now, having a ssl certificate for a website is mandatory today and have significant impact on your SEO rank.

also by having a ssl certificate, your users trust more on your website.

Here is our environment:

OS: CentOS 7 linux on VMWare
Firewall: firewalld
SElinux: enforcing
IP Address:

1- Install Apache

first we install apache and mod_ssl from base repository:

# yum install httpd mod_ssl

2- Generate certificate

We require a directory for keeping certificate files. so first create it:

# mkdir -p /etc/httpd/cert/

then issue the following command to generate certificate:

# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/cert/private.key -out /etc/httpd/cert/certificate.crt

the output would be:

Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:server_IP_address
Email Address []

3- Configure SSL

Now, we create a file under conf.d directory named ssl.conf and put the following content in it:

# vim /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
Mutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
ErrorLog logs/ssl_error_log
TransferLog logs/ssl_access_log
LogLevel warn
SSLEngine on
SSLProtocol -all +TLSv1.1 +TLSv1.2
SSLHonorCipherOrder On
Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
Header always set X-Frame-Options DENY
Header always set X-Content-Type-Options nosniff
SSLCompression off
SSLUseStapling on
SSLSessionTickets Off
SSLCertificateFile /etc/httpd/cert/certificate.crt
SSLCertificateKeyFile /etc/httpd/cert/private.key
#SSLCACertificateFile /etc/httpd/cert/ssl/ca-bundle.cer
<Files ~ "\.(cgi|shtml|phtml|php3?)$">
SSLOptions +StdEnvVars
<Directory "/var/www/cgi-bin">
SSLOptions +StdEnvVars
SetEnvIf User-Agent ".*MSIE.*" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
CustomLog logs/ssl_request_log \
"%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
DocumentRoot /var/www/html

Note: remember to change “ServerName” with your own IP address.

4- Start Service

Finally we start apache service:

# systemctl start httpd
# systemctl enable httpd

5- Configure firewall

we must open port 80 and 443. so run these commands:

# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload

finally point to https://your_server_ip_address in your favorite browser.