Secure Apache WebServer using SSL Certificates in Linux



On Linux, Apache is the most widely used web server. We will secure it by implementing SSL certificates. I am assuming the httpd package (i.e. the Apache software) is already installed on the Linux box.

Step 1: Install the necessary packages

[root@localhost /]# yum install mod_ssl openssl

Step 2: Generate the self-signed certificate

Using OpenSSL we will generate a self-signed certificate. On a production server you will probably want a certificate signed by a trusted Certificate Authority, but for a personal site or for testing purposes a self-signed certificate is fine. You need to be root to create the key, so either su to root or put sudo in front of the commands.

# Generate the private key using the command below (2048 bits; 1024-bit RSA keys are no longer considered secure)

[root@localhost /]# openssl genrsa -out server.key 2048

# Now create a Certificate Signing Request (CSR) with the server's RSA private key using the command below

[root@localhost /]# openssl req -new -key server.key -out server.csr

# Now sign the server's certificate. Here the CSR is signed with the server's own key (self-signed) using the command below

[root@localhost /]# openssl x509 -req -days 365 -in server.csr -signkey server.key -out server.crt

We have now successfully created and signed a certificate. Copy the files to the correct locations:

[root@localhost ~]# cp server.crt /etc/pki/tls/certs

[root@localhost ~]# cp server.key /etc/pki/tls/private

[root@localhost ~]# cp server.csr /etc/pki/tls/private


Step 3: Edit the ssl.conf file

[root@localhost ~]# vi /etc/httpd/conf.d/ssl.conf


Change the paths to match where the certificate and key files are stored. If you've used the method above they will be:

SSLCertificateFile /etc/pki/tls/certs/server.crt

SSLCertificateKeyFile /etc/pki/tls/private/server.key

Save and quit the file, then restart the Apache service:

[root@localhost ~]# /etc/init.d/httpd restart

Step 4: Modify the httpd.conf file

[root@localhost ~]# vi /etc/httpd/conf/httpd.conf

Save and quit, put the HTML files in /var/www/html, and restart the httpd service using the command below:

[root@localhost html]# /etc/init.d/httpd restart

Step 5: If your web server is running behind a firewall, open port 443. Once all the steps are done, we can access our website “” using a web browser.
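
A pre-restart check for the files created in Step 2 and referenced in Step 3, added here as an example (it is not part of the original tutorial): it confirms the key size, that the certificate really belongs to the key, that it is not about to expire, and that the key file is not readable by group or others. The function names, the 2048-bit floor and the 30-day window are assumptions of this example.

```shell
#!/bin/sh
# Added example: sanity checks for a certificate/key pair before restarting httpd.
# Function names and thresholds are illustrative assumptions, not Apache tooling.

# Print the size of an RSA private key in bits (e.g. 2048).
key_bits() {
    openssl rsa -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Private-Key: (\([0-9][0-9]*\) bit.*/\1/p'
}

# Succeed only if the certificate carries the public half of this private key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed if the certificate is still valid N days from now (default 30).
cert_valid_for_days() {
    openssl x509 -in "$1" -noout -checkend $(( ${2:-30} * 86400 )) >/dev/null 2>&1
}

# Succeed if neither group nor others have any permission on the key file.
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1
    case "$mode" in
        ?00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Run every check, report each failure, and return non-zero if any check failed.
check_pair() {
    cert=$1 key=$2 rc=0
    bits=$(key_bits "$key")
    [ "${bits:-0}" -ge 2048 ] || { echo "FAIL: key is ${bits:-unreadable} bits, want >= 2048"; rc=1; }
    cert_matches_key "$cert" "$key" || { echo "FAIL: certificate does not match key"; rc=1; }
    cert_valid_for_days "$cert" 30 || { echo "FAIL: certificate expires within 30 days"; rc=1; }
    key_is_private "$key" || { echo "FAIL: key is accessible to group/others (chmod 600)"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $cert and $key pass all checks"
    return "$rc"
}

# Usage: sh check_pair.sh /etc/pki/tls/certs/server.crt /etc/pki/tls/private/server.key
if [ "$#" -eq 2 ]; then check_pair "$1" "$2"; fi
```

A mismatch between SSLCertificateFile and SSLCertificateKeyFile is a common reason httpd refuses to start after Step 3, so running this before the restart saves a failed reload.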