13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

More Sponsored Newsletters Forums Resource Library

How to enable https on Apache CentOS

by Jack Wallen in Security

on March 16, 2017, 10:44 AM PDT

For some businesses, serving up websites via HTTPS is a must-have. Here's how to
configure secure http Apache on CentOS.

We may be compensated by vendors who appear on this page through methods such as affiliate links or sponsored partnerships. This may

influence how and where their products appear on our site, but vendors cannot pay to influence the content of our reviews. For more info, visit

our Terms of Use page.

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 1/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

More Sponsored Newsletters Forums Resource Library

If you are starting to migrate your web servers over to Linux (or have already done so) and
are looking to serve those pages up over secure http (aka https), you’re going to need to
know how to make this happen. Although https does will not guarantee security for your
web server, it is a solid first step in the process. Configuring Apache for https on CentOS
isn’t difficult, but there are a few steps. Let’s walk through the process, so you can start
serving your pages up to your clients/customers more confidently.

This walkthrough will use CentOS 7 and work with a self-signed certificate. The self-signed
option works great for personal sites or testing purposes. For your official business rollouts,
you’ll want to purchase an SSL certificate from a reputable company (such as Digicert,
Network Solutions, or GlobalSign). I will also assume you already have Apache running on
the server.

Must-read security coverage

85% of Android users are concerned about privacy
Almost 2,000 data breaches reported for the first half of 2022
In security, there is no average behavior
Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 2/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

How to secure your email via encryption, password management and more (TechRepublic Premium)
More Sponsored Newsletters Forums Resource Library

With that said, let’s begin the process.

Installing and using OpenSSL

The first step in the process is the installation of OpenSSL and the generating of the
certificate to be used. To install OpenSSL, open a terminal window and issue the command:

sudo yum install mod_ssl openssl

Issuing the above command will pick up all the necessary dependencies (Figure A).

Figure A

Now we generate the SSL key with the following commands:

Generate private key

​sudo openssl genrsa -out ca.key 2048

Generate CSR
Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 3/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

​sudo openssl req -new -key ca.key -out ca.csr

More Sponsored Newsletters Forums Resource Library

Generate Self Signed Key

​sudo openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

Now we need to copy the newly generated files to the correct locations with the following
commands:

sudo cp ca.crt /etc/pki/tls/certs

sudo cp ca.key /etc/pki/tls/private/ca.key
sudo cp ca.csr /etc/pki/tls/private/ca.csr

When you issue the command to generate the CSR, you will be asked a number of
questions for the key (such as Country Name, State or Province, Locality, Organization
Name, Organizational Unit, Common Name, Email Address, etc.). OpenSSL will also require
you to enter a challenge password for the CSR.

The next step requires the editing of the /etc/httpd/conf.d/ssl.conf file. Open that file for
editing and locate and change the following lines:

SSLCertificateFile /etc/pki/tls/certs/localhost.crt

changes to:

SSLCertificateFile /etc/pki/tls/certs/ca.crt SSLCertificateKeyFile

/etc/pki/tls/private/localhost.key

changes to:

SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Finally, restart the Apache daemon with the command:

sudo systemctl restart httpd

Create a virtual host

Let’s create a virtual host that makes use of SSL. To do this we’ll create the necessary
directories with the following commands:

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 4/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

sudo mkdir -p /var/www/html/adorkable

More Sponsored Newsletters Forums Resource Library
​sudo mkdir -p /etc/httpd/sites-available

​sudo mkdir -p /etc/httpd/sites-enabled

I’m using “adorkable” as an example. You can use whatever name you like/need.

Next we must edit the httpd.conf file, so that it becomes aware of the sites-enabled
directory. To do this, open up /etc/httpd/conf/httpd.conf and add the following line to the
bottom of the file:

IncludeOptional sites-enabled/*.conf

Save and close that file.

Now we need to create our virtual host file. We’ll do this in /etc/httpd/sites-
available/adorkable.conf. Again, swap “adorkable.conf” with the name of your virtual host.
In that file we’ll add the following contents (customize as needed):

ServerAdmin email@address
DocumentRoot "/var/www/html/adorkable/"
ServerName AdorkableDesigns
ServerAlias adorkable
ErrorLog /var/www/html/adorkable/error.log

<directory “=”” var=”” www=”” html=”” adorkable=””>

DirectoryIndex index.html index.php
Options FollowSymLinks
AllowOverride All
Require all granted

Save and close that file.

In order for Apache to be aware of the new virtual host, we must create a symbolic link,
from sites-available to sites-enabled, with the command:

sudo ln -s /etc/httpd/sites-available/adorkable.conf /etc/httpd/sites-

enabled/adorkable.conf

Restart Apache with the command:

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 5/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

sudo systemctl restart httpd

More Sponsored Newsletters Forums Resource Library

Your virtual host should now be visible to the server. All you have to do is add content to
the /var/www/html/adorkable directory and you’re good to go.

A quick test
That’s all there is to the setup of https on Apache with CentOS. You can do a quick test by
pointing a browser to https://IP_OF_SERVER. You should receive a security warning (since
we are using a self-signed certificate. Okay that warning and Apache will serve up your site
using https. Point your browser to https://IP_OF_SERVER/adorkable to visit the newly
created virtual host. Depending on what type of site you are serving up, you might have to
do a bit of extra work with that particular platform.

Easy peasy https

You have officially set up your Apache server to work with https. As I mentioned earlier, if
you plan on using this for public-facing, business sites, I highly recommend purchasing your
SSL certificates from a reputable dealer (or using Let’s Encrypt).

See: How to install and use Let’s Encrypt on a Ubuntu Server for SSL security
(TechRepublic)

Also See
How to install the OpenVAS vulnerability scanner on Ubuntu 16.04 (TechRepublic)
How to add more entropy to improve cryptographic randomness on Linux
(TechRepublic)
Ebook: Why Munich made the switch from Windows to Linux--and may be reversing
course (PDF download) (TechRepublic)
How Mark Shuttleworth became the first African in space and launched a software
revolution (PDF download) (TechRepublic)
How to fix Apache 2 not executing PHP files (TechRepublic)
How to solve SELinux issues with ease using SELinux Alert Browser (TechRepublic)
How to harden MySQL security with a single command (TechRepublic)
How to harden Ubuntu Server 16.04 security in five steps (TechRepublic)
Linux Foundation releases business open source basics ebook (ZDNet)

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 6/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

More Sponsored Newsletters Forums Resource Library

WHITE PAPERS, WEBCASTS, AND DOWNLOADS

Cloudli Communications Delivers the Future of Work

Product Specs from Cloudli

FIND OUT MORE

The Ultimate Learn to Code Training (5 Courses)

Training from TechRepublic Academy

VIEW THIS NOW

LIFETIME LICENSE: Microsoft Office Professional for Mac

Downloads from TechRepublic Academy

DOWNLOAD NOW

Complete 2022 CompTIA Certification Course

Training from TechRepublic Academy

GET STARTED

Managing accounts payable operations during COVID-19 policy

Tools & Templates from TechRepublic Premium
Privacy
VIEW THIS NOW
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 7/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic
VIEW THIS NOW

More Sponsored Newsletters Forums Resource Library

SPONSORED CONTENT

Best Accounting Software &

Tools for 2022
BY TECHNOLOGYADVICE

TechRepublic's Pro Tips to Make

Windows 11 Work the Way You Want

No matter how you look at it, adjusting configuration

settings in Microsoft Windows 11 can get complicated
very quickly.

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 8/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

More Sponsored Newsletters Forums Resource Library

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 9/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

More Sponsored Newsletters Forums Resource Library

By Jack Wallen
Jack Wallen is an award-winning writer for TechRepublic, The New Stack, and Linux New
Media. He's covered a variety of topics for over twenty years and is an avid promoter of
open source. For more news about Jack Wallen, visit his website jackwallen.com.

| See all of Jack's content

OPEN SOURCE SECURITY

EDITOR'S PICKS

Windows 11 22H2 is here

TechRepublic Premium editorial calendar: IT

policies, checklists, toolkits, and research for
download

AI at the edge: 5 trends to watch

iPadOS cheat sheet: Everything you should know

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 10/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

More Sponsored Newsletters Forums Resource Library

Review this list of the best data intelligence 108 Excel tips every user should master
software

Data governance checklist for your organization

How to recruit and hire a Scrum Master

Web 3.0 quick glossary

How to recruit and hire a User Experience Designer

SERVICES

About Us

Newsletters

RSS Feeds

Site Map

Site Help & Feedback

FAQ

Advertise

Do Not Sell My Information

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 11/12
13/10/2022, 13:10 How to enable https on Apache CentOS | TechRepublic

EXPLORE
More Sponsored Newsletters Forums Resource Library

Downloads

TechRepublic Forums

Meet the Team

TechRepublic Academy

TechRepublic Premium

Resource Library

Photos

Videos

© 2022 TechnologyAdvice. All rights reserved.

Privacy Policy Terms of Use Property of TechnologyAdvice

Privacy
https://www.techrepublic.com/article/how-to-enable-https-on-apache-centos/ 12/12