How to Create a Local Self-Signed SSL Certificate on CentOS 8


An SSL (Secure Sockets Layer) certificate is used to secure and encrypt communications between the browser and the server. An SSL certificate is also known as a digital certificate. An SSL connection protects sensitive data, such as credit card information and passwords, exchanged during each visit. When you buy an SSL certificate from a trusted third party, that party vouches that your SSL certificate is valid and legitimately used by its owner.



Creating Self-Signed Certificates


Instead of buying an SSL certificate, we can use a self-signed certificate locally. Your browser will display an untrusted-certificate warning the first time it encounters the self-signed certificate, but you can click through it and test your app over SSL.

Step 1: Installing Mod_SSL on CentOS

Install the Apache service, then start and enable it:

[root@fosnix ~]# yum install httpd -y
[root@fosnix ~]# systemctl start httpd
[root@fosnix ~]# systemctl enable httpd
[root@fosnix ~]# systemctl status httpd

To set up the local self-signed SSL certificate, the mod_ssl package is required:

[root@fosnix ~]# yum install mod_ssl

Verify the mod_ssl and OpenSSL installation:

[root@fosnix ~]# rpm -q mod_ssl
[root@fosnix ~]# rpm -q openssl

Step 2: Create a Local Self-Signed SSL Certificate for Apache

First create a directory, then generate the local self-signed certificate key and file in it:

[root@fosnix ~]# mkdir -p /etc/ssl/private
[root@fosnix ~]# openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/ -out /etc/ssl/private/

The above command generates the local self-signed certificate file and key.
Enter your details at the prompts.

Step 3: Install Local Self-Signed SSL Certificate on Apache

Now it's time to install the certificate using the Apache server's settings:

[root@fosnix ~]# vim /etc/httpd/conf.d/ssl.conf

Copy and paste the lines below at the bottom of the ssl.conf file:

Ensure that the paths to your certificate key and file are correct.

DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/private/
SSLCertificateKeyFile /etc/ssl/private/

Save and exit the file, then restart the Apache server:

[root@fosnix ~]# systemctl restart httpd
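
The checks below are an added example, not part of the original article: they are meant to be run before the restart above, against the two files named by SSLCertificateFile and SSLCertificateKeyFile. The function names and the CERT_FILE / KEY_FILE arguments are placeholders chosen for this example; GNU stat and the openssl command-line tool are assumed.

```bash
#!/usr/bin/env bash
# Added example (not from the original page): pre-restart checks for the files
# named by SSLCertificateFile and SSLCertificateKeyFile.
# Assumes GNU stat and the openssl CLI are installed.

# The key is generated with -nodes (no passphrase), so file permissions are
# its only protection: succeed only if group and other have no access bits.
key_perms_ok() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]          # leading 0 => octal arithmetic
}

# Succeed only if the public key inside the certificate equals the public key
# derived from the private key, i.e. the two files belong together.
pair_matches() {
    local from_cert from_key
    from_cert=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    from_key=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$from_cert" ] && [ "$from_cert" = "$from_key" ]
}

# Succeed only if the certificate is still valid N days from now (default 0).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-0} * 86400 )) >/dev/null 2>&1
}

# Run all checks, print one line per finding, return non-zero on any failure.
check_tls_pair() {
    local cert="$1" key="$2" rc=0
    key_perms_ok "$key"         || { echo "FAIL: $key is missing or accessible by group/other"; rc=1; }
    pair_matches "$cert" "$key" || { echo "FAIL: $cert and $key do not belong together"; rc=1; }
    cert_valid_for_days "$cert" || { echo "FAIL: $cert is expired or unreadable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert / $key"
    return "$rc"
}

# Usage: ./check_tls_pair.sh CERT_FILE KEY_FILE
if [ "$#" -eq 2 ]; then
    check_tls_pair "$1" "$2"
fi
```

If the permission check fails, `chmod 600` on the key file restricts it to its owner.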

For external users to access your server, you need to open port 443 through the firewall as shown below:

[root@fosnix ~]# firewall-cmd --add-port=443/tcp --zone=public --permanent
[root@fosnix ~]# firewall-cmd --reload

Step 4: Testing Local Self-Signed SSL Certificate on Apache

Open the following URL in your browser:

https://YOUR_DOMAIN_NAME

First, click on Advanced, then scroll to the bottom and click on Proceed:
The output is as shown below:
