Self signed SSL Certificate – Apache

In order to create a self signed certificate for a Linux server that runs apache you must first create the required public and private keys. You can easily do that using openssl package.

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout mysitename.key -out mysitename.crt

As a next step you should edit /etc/httpd/conf.d/ssl.conf file and include the new self signed certificate files. Keep in mind that files should be copied in the requested directories.

SSLCertificateFile /etc/pki/tls/certs/mysitename.cr
SSLCertificateKeyFile /etc/pki/tls/private/mysitename.key

Lastly you can validate your certificate correctness by following my relevant article https://blog.geralexgr.com/cloud/install-entrust-ssl-chain-certificate-apache-2-red-hat-configuration

Install Entrust ssl chain certificate apache 2 – Red Hat Configuration

In order to install successfully a chain certificate (in my environment it was issued by Entrust) on a Red hat you should edit the following entries in the /etc/httpd/conf.d/ssl.conf apache file.

#Server Certificate 
SSLCertificateFile /path/to/public.pem

#Server Private Key
SSLCertificateKeyFile /path/to/private.pem

#Server Certificate Chain
SSLCertificateChainFile /path/to/chain.crt

#Certificate Authority
SSLCertificateFile /path/to/root-ca.pem

After the changes you should restart apache so that the changes take place. Keep in mind that if the certificate is password protected, you will be asked for an ssl passphrase that you should provide in order for the restart to be completed.

service httpd restart

You can ensure that the certificate is installed successfully by using the following command:

openssl s_client -connect HOSTNAME:443

Your response should look like:

Verify return code: 0 (ok)