RedHat Linux Server SSL Installation Guide with Easy Steps
Securing your web server with an SSL certificate is crucial for protecting sensitive data transmitted between your site and visitors. In this guide, I’ll walk you through how to Install SSL Certificate in RedHat Linux Server. This process enhances security by preventing malicious actors from intercepting or modifying data during transmission. We’ll cover generating a certificate signing request, purchasing and downloading a certificate from a trusted authority, and properly configuring your RedHat Linux server to use the SSL certificate.
Following this guide will ensure your RedHat Linux web server is configured with a valid SSL certificate for secure HTTPS connections with site visitors.
Key Takeaways
- RedHat Linux has a mod_ssl module to enable Apache to use SSL certificates.
- Use openssl commands to generate a private key and CSR for the SSL certificate.
- Purchase the SSL certificate from a trusted Certificate Authority.
- Install the purchased SSL certificate and bundle/chain file on the server.
- Configure Apache and HTTPS settings to enable SSL and redirect HTTP to HTTPS.
- Test the SSL certificate is working correctly using online SSL checkers.
- Renew the SSL certificate before it expires to maintain secure HTTPS connections.
Prerequisites Before Installing an SSL Certificate on RedHat Linux
- A registered domain name for your website.
- Root access to your RedHat Linux server.
- Apache web server installed and configured.
- OpenSSL is installed to generate private keys.
7 Easy Steps to Install SSL Certificate in RedHat Linux Server
- Generate Private Key & CSR
- Purchase SSL Certificate
- Install SSL Certificate
- Configure Apache for SSL
- Redirect HTTP to HTTPS
- Test SSL Certificate
- Renew SSL Certificate
Step 1: Generate Private Key & CSR
The first step is to generate a private key and Certificate Signing Request (CSR) on your server. You must submit this to the Certificate Authority when purchasing your SSL certificate.
- Use the openssl command to generate a 2048-bit private key:
openssl genrsa -out domain.key 2048
Replace the domain.key with your desired filename.
- Next, generate the CSR using your private key:
openssl req -new -key domain.key -out domain.csr
You will be prompted to enter details like your registered domain name, server location, and company details.
- Your domain.key and domain.csr files are now ready to use when purchasing your SSL certificate.
Step 2: Purchase SSL Certificate
You now need to purchase an SSL certificate from a trusted Certificate Authority (CA) using the CSR you generated.
Some popular options include:
- Comodo
- DigiCert
- GlobalSign
- GoDaddy
- RapidSSL
The process involves:
- You can go to the provider’s website and select the type of SSL certificate you require. Some options are single-domain SSL, Wildcard SSL, or multi-domain SSL certificates.
- Sign up for an account if you still need to get one.
- Paste your CSR during the purchase process.
- Verify control of your domain via email or DNS.
- Pay the applicable SSL certificate fees, which can range from $15 – $500+ depending on the type, validation level, and duration.
Make sure to download the purchased SSL certificate files, which include root and intermediate certificates. You may get 3 separate PEM/CRT files:
- domain.crt – Primary SSL certificate.
- intermediate.crt – Intermediate certificate bundle.
- root.crt – Root certificate.
Step 3: Install SSL Certificate
Once you have purchased and downloaded your SSL certificate files, you need to install them on your RedHat Linux server.
- Create a new directory to store your keys and certificates:
mkdir /etc/httpd/ssl
- Move the private key and primary SSL certificate to this folder:
mv domain.key /etc/httpd/ssl/
mv domain.crt /etc/httpd/ssl/
- Concatenate the intermediate and root certificates into a bundle file:
cat intermediate.crt root.crt > /etc/httpd/ssl/bundle.crt
This bundle is required to establish the chain of trust.
Your /etc/httpd/ssl/ folder should now contain:
- domain.key – Private key
- domain.crt – Primary SSL certificate
- bundle.crt – Certificate chain bundle
Step 4: Configure Apache for SSL
Next, we need to configure Apache to use our installed SSL certificate and enable HTTPS.
- Open the Apache configuration file:
vi /etc/httpd/conf.d/ssl.conf
- Add the following to enable SSL and set the key/certificate paths:
SSLEngine on
SSLCertificateFile /etc/httpd/ssl/domain.crt
SSLCertificateKeyFile /etc/httpd/ssl/domain.key
SSLCertificateChainFile /etc/httpd/ssl/bundle.crt
- Save and close the file when editing is finished.
- Open the main Apache configuration file:
vi /etc/httpd/conf/httpd.conf
- Add the following line anywhere in the file to load the ssl.conf module:
Include conf.d/ssl.conf
- Save and close this file, too.
- Finally, restart Apache for the configuration changes to take effect:
systemctl restart httpd
Apache is now configured to use SSL and your certificate files for HTTPS connections.
Step 5: Redirect HTTP to HTTPS
To ensure all requests use secure HTTPS, we need to redirect any plain HTTP requests to HTTPS in Apache.
- Open the ssl.conf file again:
vi /etc/httpd/conf.d/ssl.conf
- Add the following lines anywhere in the file:
<VirtualHost *:80> Redirect permanent / https://domain.com/ </VirtualHost>
- Save changes and restart Apache:
systemctl restart httpd
This will now redirect all HTTP traffic to HTTPS using status code 301.
Step 6: Test SSL Certificate
The final step is to test that your SSL certificate is working correctly on your RedHat Linux server.
- Try browsing https://yourdomain.com – You should not see any certificate warnings.
- Use free online SSL Checker Tool from SSLInsights to test your server. It will validate your certificate chain and show if there are any issues.
- Check for mixed content warnings – Ensure resources like images/CSS are loaded over HTTPS as well.
- Verify that the redirect works by browsing to HTTP and confirm you are redirected to HTTPS.
- Test on various clients like desktop browsers, mobile, and Postman.
If any issues arise, you may need to recheck your certificate configuration or work with the CA provider to troubleshoot.
Step 7: Renew SSL Certificate
SSL certificates have an expiration date and need to be renewed before they lapse. The expiry is usually set 1-3 years in the future.
You will receive email reminders when it’s time for SSL renewal. The process largely involves re-generating a new CSR and then purchasing and installing a renewed certificate.
Set yourself a calendar reminder a few weeks before your certificate expires to ensure your website remains securely encrypted with a valid SSL certificate.
Final Thoughts
Installing an SSL certificate provides trusted HTTPS encryption between your RedHat Linux server and website visitors. This secures your connection and provides user verification.
Following the steps outlined in this guide, you can generate private keys, purchase trusted SSL certificates tailored for your server, install them correctly in Apache, and configure forced HTTPS.
Regular SSL certificate renewal will keep your website operating over HTTPS long into the future.
Frequently Asked Questions
How do I generate a CSR on RedHat Linux for an SSL certificate?
Use the openssl req command to generate a CSR. Specify the -new and -nodes options and provide the required certificate details when prompted.
What is the default location for storing SSL certificates on RedHat Linux?
The default location is /etc/pki/tls/certs. Private keys are stored in /etc/pki/tls/private.
How do I install an SSL certificate on RedHat Linux?
Copy the certificate files to the default locations. For the public cert, run: cp yourdomain.crt /etc/pki/tls/certs. For the private key: cp yourdomain.key /etc/pki/tls/private.
How do I configure Apache to use an SSL certificate on RedHat Linux?
Edit the Apache config file at /etc/httpd/conf.d/ssl.conf. Specify the paths to the certificate and key files using the SSLCertificateFile and SSLCertificateKeyFile directives.
What is the command to restart Apache after installing an SSL certificate?
Run ‘systemctl restart httpd’ to restart the Apache service and load the new SSL certificate.
How do I verify that Apache is serving pages over HTTPS?
Use the SSLInsights SSL checker tool to validate your server’s HTTPS configuration. You can also visit your site in a browser and check for the Tune icon.
Priya Mervana
Verified Web Security Experts
Priya Mervana is working at SSLInsights.com as a web security expert with over 10 years of experience writing about encryption, SSL certificates, and online privacy. She aims to make complex security topics easily understandable for everyday internet users.
