Jan 20 2008

How to obtain and install SSL certificates on CentOS 4.5

Published by at 1:03 am under linux,Security,SSL

This article describes what needs to be done to have an SSL (HTTPS) enabled site on CentOS 4.5. This should work on other distros as well, but I have not tested it.

Assumptions

Apache 2 Webserver

OpenSSL is installed and functional

In possession of a domain name. If not, obtain one from one of the many domain name sellers, such as GoDaddy

  1. Generate a RSA Private Key
    sudo openssl genrsa -out my.key 1024
  2. Generate a CSR (Certificate Signing Request). The CSR must be signed by the private key “my.key” generated in step 1. Note that you must enter at least your domain name, at the Common Name prompt shown below.

    openssl req -new -key my.key -out mysite.csr

    Country Name (2 letter code) [GB]:SG
    State or Province Name (full name) [Berkshire]:Singapore
    Locality Name (eg, city) [Newbury]:Singapore
    Organization Name (eg, company) [My Company Ltd]:NA
    Organizational Unit Name (eg, section) []:NA
    Common Name (eg, your name or your server’s hostname) []:your.domain.com
    Email Address []:[email protected]

Now you need to take mysite.csr to a Certificate signing authority to get your SSL Certificate.

I used a free certificate authority named CAcert.org. It is very highly recommended by the open source community. But the issue is that many mainstream browsers do not automatically recognize CAcert. So for first-time visitors, a warning will pop up. Just accept it permanently. After this, the pop-up won't show whenever you visit from the same browser.

  1. First, sign up with CAcert. Once done, go to the next step.
  2. Then click on “Domains->Add” as shown below.
  3. Then add your domain in the provided text box.
  4. CAcert will do a domain verification by sending an email to your registered email address. Open your email and click on the link sent to you by CAcert.
  5. Then click on “Server Certificate->New” to get a new certificate for your site.
  6. Open the CSR file “mysite.csr” you created above, cut and paste the content of the file into the provided text box and click submit.
  7. CAcert will show the certificate file. Copy and store it in a file named mysite.crt (the filename can be anything).
  8. Configure the SSL options in the httpd.conf file.

An example SSL-enabled virtual host configuration is shown below for your reference:

    NameVirtualHost *:443
    <VirtualHost *:443>

        ServerName your.domain.com
        DocumentRoot /var/www/public

        SSLEngine on
        SSLCertificateFile /etc/httpd/mysite.crt
        SSLCertificateKeyFile /etc/httpd/my.key
        SSLVerifyClient optional

    </VirtualHost>
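
Before restarting Apache, it is worth confirming that the key, CSR and certificate from the steps above belong together and that the key file is protected. The script below is an added example, not part of the original post; its function names and the 2048-bit and 30-day thresholds are this example's assumptions, so the 1024-bit key from step 1 will draw a warning.

```shell
#!/bin/sh
# Added example: pre-flight checks on the files from the steps above.
# Function names and thresholds are this example's own choices.

# Print "Modulus=<hex>" for a key, CSR or certificate; non-zero on parse failure.
modulus_of() {
    case "$1" in
        key) openssl rsa  -noout -modulus -in "$2" ;;
        csr) openssl req  -noout -modulus -in "$2" ;;
        crt) openssl x509 -noout -modulus -in "$2" ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if key, CSR and certificate all carry the same RSA modulus.
files_match() {
    k=$(modulus_of key "$1") || return 1
    r=$(modulus_of csr "$2") || return 1
    c=$(modulus_of crt "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Print the RSA key size in bits (4 bits per hex digit of the modulus).
key_bits() {
    m=$(modulus_of key "$1") || return 1
    m=${m#Modulus=}
    [ -n "$m" ] && echo $(( ${#m} * 4 ))
}

# Succeed only if the key file grants nothing to group or others.
key_mode_ok() {
    case $(ls -ld "$1" 2>/dev/null) in
        -???------*) return 0 ;;
        *)           return 1 ;;
    esac
}

# Run every check; print one line per problem and return non-zero if any fired.
check_tls_files() {
    key=$1 csr=$2 crt=$3 rc=0
    files_match "$key" "$csr" "$crt" || { echo "FAIL: key, CSR and certificate do not share one public key"; rc=1; }
    bits=$(key_bits "$key") || bits=0
    [ "$bits" -ge 2048 ] || { echo "WARN: RSA key is $bits bits, below the 2048-bit baseline"; rc=1; }
    key_mode_ok "$key" || { echo "FAIL: $key is accessible to group or others"; rc=1; }
    openssl x509 -noout -checkend 2592000 -in "$crt" >/dev/null 2>&1 || { echo "WARN: certificate missing, unreadable or expiring within 30 days"; rc=1; }
    return $rc
}

# Usage: sh check_tls.sh /etc/httpd/my.key mysite.csr /etc/httpd/mysite.crt
if [ $# -eq 3 ]; then check_tls_files "$@"; fi
```

A mismatch between the key and the certificate is the usual reason Apache refuses to start after a certificate is installed, so run the check whenever either file is replaced.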
