How to install Apache SSL certificate on CentOS 7 Linux
In today's tutorial, we demonstrate how to install an Apache SSL certificate on CentOS 7 Linux.
As you may know, having an SSL certificate for a website is mandatory today and has a significant impact on your SEO rank.
Also, with an SSL certificate, your users place more trust in your website.
Here is our environment:
OS: CentOS 7 Linux on VMware
Firewall: firewalld
SELinux: enforcing
IP Address: 192.168.147.128
1- Install Apache
First, install Apache and mod_ssl from the base repository:
# yum install httpd mod_ssl
2- Generate certificate
We need a directory to keep the certificate files, so create it first:
# mkdir -p /etc/httpd/cert/
Then run the following command to generate a self-signed certificate:
# sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/cert/private.key -out /etc/httpd/cert/certificate.crt
The command prompts for the following fields (sample answers shown):
Country Name (2 letter code) [AU]:US
State or Province Name (full name) [Some-State]:New York
Locality Name (eg, city) []:New York City
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Bouncy Castles, Inc.
Organizational Unit Name (eg, section) []:Ministry of Water Slides
Common Name (e.g. server FQDN or YOUR name) []:server_IP_address
Email Address []:admin@your_domain.com
3- Configure SSL
Now create a file named ssl.conf under the conf.d directory and put the following content in it:
# vim /etc/httpd/conf.d/ssl.conf
Listen 443 https
SSLPassPhraseDialog builtin
SSLSessionCache shmcb:/var/cache/mod_ssl/scache(512000)
SSLSessionCacheTimeout 300
SSLStaplingCache "shmcb:logs/stapling-cache(150000)"
Mutex default
SSLRandomSeed startup file:/dev/urandom 256
SSLRandomSeed connect builtin
SSLCryptoDevice builtin
<VirtualHost _default_:443>
    ErrorLog logs/ssl_error_log
    TransferLog logs/ssl_access_log
    LogLevel warn
    SSLEngine on
    SSLProtocol -all +TLSv1.1 +TLSv1.2
    SSLHonorCipherOrder On
    Header always set Strict-Transport-Security "max-age=63072000; includeSubDomains; preload"
    Header always set X-Frame-Options DENY
    Header always set X-Content-Type-Options nosniff
    SSLCompression off
    SSLUseStapling on
    SSLSessionTickets Off
    SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
    SSLCertificateFile /etc/httpd/cert/certificate.crt
    SSLCertificateKeyFile /etc/httpd/cert/private.key
    #SSLCACertificateFile /etc/httpd/cert/ssl/ca-bundle.cer
    <Files ~ "\.(cgi|shtml|phtml|php3?)$">
        SSLOptions +StdEnvVars
    </Files>
    <Directory "/var/www/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
    SetEnvIf User-Agent ".*MSIE.*" \
        nokeepalive ssl-unclean-shutdown \
        downgrade-1.0 force-response-1.0
    CustomLog logs/ssl_request_log \
        "%t %h %{SSL_PROTOCOL}x %{SSL_CIPHER}x \"%r\" %b"
    DocumentRoot /var/www/html
    ServerName 192.168.147.128
</VirtualHost>
Note: remember to replace “ServerName 192.168.147.128” with your own IP address.
4- Start Service
Finally, start the Apache service and enable it at boot:
# systemctl start httpd
# systemctl enable httpd
5- Configure firewall
We must open ports 80 and 443, so run these commands:
# firewall-cmd --add-service=http --permanent
# firewall-cmd --add-service=https --permanent
# firewall-cmd --reload
Finally, open https://your_server_ip_address in your favorite browser.
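Before exposing the server, it is worth checking the TLS settings from step 3. The script below is an added example, not part of the original tutorial: it flags the protocol and cipher values in ssl.conf that are now considered weak (TLSv1.1 is deprecated by RFC 8996, and 3DES uses a 64-bit block) and checks that the private key is not readable by group or others. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag weak TLS settings in an Apache ssl.conf.
# Function names and the sample file are constructed for illustration.

# directive_value CONF NAME: print the value of the last uncommented NAME directive.
directive_value() {
    awk -v name="$2" 'tolower($1) == tolower(name) { $1 = ""; sub(/^ +/, ""); v = $0 }
                      END { print v }' "$1"
}

# audit_ssl_conf CONF: print one finding per line; return 1 if anything was found.
audit_ssl_conf() {
    conf=$1; findings=0
    # Protocols enabled below TLSv1.2 (RFC 8996 deprecates TLS 1.0 and 1.1).
    for p in $(directive_value "$conf" SSLProtocol); do
        case $p in
            all|+all|SSLv3|+SSLv3|TLSv1|+TLSv1|TLSv1.1|+TLSv1.1)
                echo "weak protocol enabled: $p"; findings=$((findings + 1)) ;;
        esac
    done
    # Cipher tokens that add weak groups; "!", "-" and "+" prefixes never add ciphers.
    for c in $(directive_value "$conf" SSLCipherSuite | tr ':,' '  '); do
        case $c in
            '!'*|-*|+*) ;;
            *3DES*|DES*|*RC4*|*MD5*|*EXP*|*NULL*|LOW)
                echo "weak cipher group enabled: $c"; findings=$((findings + 1)) ;;
        esac
    done
    # The private key must not be readable by group or others.
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    if [ -n "$key" ] && [ -e "$key" ]; then
        perms=$(ls -ld "$key" | cut -c5-10)
        if [ "$perms" != "------" ]; then
            echo "private key $key is accessible to group/others ($perms); chmod 600 it"
            findings=$((findings + 1))
        fi
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample holding the three relevant directives from the ssl.conf above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
SSLProtocol -all +TLSv1.1 +TLSv1.2
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA
SSLCertificateKeyFile /etc/httpd/cert/private.key
EOF
audit_ssl_conf "$sample" || true
rm -f "$sample"
```

To audit the real file, call audit_ssl_conf /etc/httpd/conf.d/ssl.conf as root. A stricter setup uses SSLProtocol -all +TLSv1.2 and leaves 3DES out of SSLCipherSuite.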
*Secure Connection Failed
An error occurred during a connection to 192.168.100.10. SSL received a record that exceeded the maximum permissible length. (Error code: ssl_error_rx_record_too_long)*
Here I have my webserver on IP 192.168.100.10. I have tried a lot of different ways to configure SSL, but it's showing this same error. If I search like 192.168.100.10:443 it's working when my webserver is running on port 80, but if I try like https://192.168.100.10 it has the ssl_error_rx_record_too_long error.