In this article we will shows step-by-step instructions on How to install SSL certificate on web server hosted in Linux operating system.
In one of the previous post we have already generated the self-signed SSL cert so I would request you to visit it on getting the CERT How to Generate Self-Signed Certificate on Rocky Linux.
Pre-requisite
- Rocky Linux 8 or 9 Installed with HTTP Server
- User with sudo privileges
- Make sure the server.crt & server.csr generated in blog How to Generate Self-Signed Certificate on Rocky Linux is copied to /etc/pki/tls/certs and /etc/pki/tls/private/ respectively
Packages Installation
Let us install the required packages
dnf -y install mod_sslAllow Firewall for HTTPS
firewall-cmd --zone=public --permanent --add-service=https
firewall-cmd --reloadConfiguring the SSL/TLS Settings
Open the default configuration file
vi /etc/httpd/conf.d/ssl.confChange the following Lines
FROM
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.keyTO
SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.csrTo redirect all HTTP traffic to HTTPS
Create a new file
vi /etc/httpd/conf.d/redirect_http.confInsert the following content and save file, replacing “your-server-hostname” with your hostname
<VirtualHost _default_:80>
Servername rocky-linux
Redirect permanent / https://your-server-hostname-or-ip/
</VirtualHost/>Enable and restart the HTTP service
systemctl enable httpd
systemctl restart httpdThe Apache web server will redirect any incoming traffic from http://your-server-hostname to https://your-server-hostname
Test the mod_ssl configuration
Enter the following in a web browser:
https://your-server-ipOR
https://your-server-hostnameConclusion
We hope that this post has made it clearer for you to understand how to use SSL to secure Apache on Rocky Linux. If you need more information on the usage of SSL for Rocky Linux you may refer mod_ssl on Rocky Linux