How to create a local self-signed SSL certificate for CentOS 8

SSL (Secure Sockets Layer) and its improved successor TLS (Transport Layer Security) are security protocols used to protect web traffic sent from a client's web browser to a web server.

An SSL certificate is a digital certificate used to create a secure channel between the client's browser and the web server. Over that channel, confidential and sensitive data such as credit card details, login details and other sensitive information are encrypted to prevent hackers from eavesdropping on and stealing your data.

What is a self-signed SSL Certificate?

A self-signed SSL certificate, unlike other SSL certificates that are signed and trusted by a Certificate Authority (CA), is a certificate that is signed by the person to whom it belongs.

It’s absolutely free and it’s the cheapest way to encrypt your local web server. However, the use of a self-signed SSL Certificate in a production environment is strongly discouraged for the following reasons:

  1. Because it is not signed by a CA, a self-signed SSL certificate triggers alerts in web browsers that warn users of potential risks if they decide to proceed. These warnings are undesirable and deter users from visiting your website, which can reduce web traffic. To work around these alerts, organizations generally encourage their staff to simply ignore them and proceed. This can become a dangerous habit for users, who may continue to ignore such warnings on other websites and fall victim to phishing sites.
  2. Self-signed certificates have a low level of security because they implement weak encryption and hash technologies. It is therefore possible that the security level does not conform to the standard security policy.
  3. In addition, there is no support for Public Key Infrastructure (PKI) functions.

That said, using a self-signed SSL certificate is a good idea for testing services and applications on a local machine that requires TLS/SSL encryption.

In this tutorial you will learn how to install a local self-signed SSL certificate on the Apache web server of a CentOS 8 server system.

Requirements:

Before you start work, make sure that you meet the following basic requirements:

  1. An instance of CentOS 8 server.
  2. The Apache web server installed on the server.
  3. The hostname already configured and set in /etc/hosts. For this guide we will use tecmint.local as the hostname of our server.

Step 1: Installation of Mod_SSL on CentOS

1. First make sure that the Apache web server is installed and running.

$ sudo systemctl status httpd

This is the expected result.

[Screenshot: Check the Apache status]

If the web server is not running, you can start it and enable it at boot with the following commands.

$ sudo systemctl start httpd
$ sudo systemctl enable httpd

[Screenshot: Running the Apache web server]

You can check to see if Apache is working.

2. The mod_ssl package is required to install and configure a local self-signed SSL certificate.

$ sudo dnf install mod_ssl

After installation, you can verify it by running:

$ sudo rpm -q mod_ssl

[Screenshot: Check the mod_ssl installation]

Also make sure that the OpenSSL package is installed (OpenSSL is installed by default in CentOS 8).

$ sudo rpm -q openssl

[Screenshot: Check the OpenSSL installation]

Step 2: Creation of a self-signed local SSL Certificate for Apache

3. Once the Apache web server and all the prerequisites have been verified, you must create a directory in which the cryptographic keys are stored.

In this example we have created a directory in /etc/ssl/private.

$ sudo mkdir -p /etc/ssl/private

Now run the following command to create the key and the local SSL certificate file:

$ sudo openssl req -x509 -nodes -newkey rsa:2048 -keyout /etc/ssl/private/tecmint.local.key -out /etc/ssl/private/tecmint.local.crt

Let’s see what some of the command’s options actually mean:

  • req -x509 – this indicates that we are using the x509 Certificate Signing Request (CSR).
  • -nodes – this option tells OpenSSL to skip encrypting the SSL certificate with a passphrase. The idea here is to allow Apache to read the file without user intervention, which would not be possible if a passphrase were set.
  • -newkey rsa:2048 – this means that we want to create a new key and a new certificate at the same time. The rsa:2048 part implies that we want to create a 2048-bit RSA key.
  • -keyout – this parameter specifies where the generated private key file should be stored when it is created.
  • -out – this option indicates where the created SSL Certificate should be placed.

[Screenshot: Creation of a local SSL certificate for Apache]
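
The key and certificate from Step 2 can be generated without prompts and checked before Apache is pointed at them. The following is an added example, not part of the original tutorial: the function names, the -subj, -sha256, -days and -addext options and the scratch directory are assumptions made for illustration, and -addext needs OpenSSL 1.1.1 or later.

```shell
#!/bin/sh
# Added example: function names and the scratch directory are illustrative.

# Generate an unencrypted 2048-bit RSA key and a self-signed certificate.
# -subj avoids the interactive prompts; -addext (OpenSSL 1.1.1+) adds SANs.
make_selfsigned() {
    dir=$1
    host=$2
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    (
        umask 077   # key file is created readable by its owner only
        openssl req -x509 -nodes -newkey rsa:2048 -sha256 -days 365 \
            -subj "/CN=$host" \
            -addext "subjectAltName=DNS:$host,DNS:www.$host" \
            -keyout "$dir/$host.key" -out "$dir/$host.crt" 2>/dev/null
    )
}

# True when the certificate's public key is the one derived from the key file.
pair_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate verifies against itself, i.e. it is self-signed.
is_self_signed() {
    openssl verify -CAfile "$1" "$1" >/dev/null 2>&1
}

# Print the public key size in bits, and the signature algorithm.
key_bits() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/.*Public-Key: (\([0-9][0-9]*\) bit).*/\1/p'
}
sig_alg() {
    openssl x509 -in "$1" -noout -text |
        sed -n 's/^ *Signature Algorithm: //p' | head -n 1
}

# Demo in a scratch directory (constructed path, not /etc/ssl/private).
demo=$(mktemp -d)
make_selfsigned "$demo" tecmint.local
pair_matches "$demo/tecmint.local.crt" "$demo/tecmint.local.key" && echo "pair ok"
is_self_signed "$demo/tecmint.local.crt" && echo "self-signed"
echo "$(key_bits "$demo/tecmint.local.crt") bits, $(sig_alg "$demo/tecmint.local.crt")"
rm -rf "$demo"
```

The same check functions can be pointed at the files under /etc/ssl/private before restarting httpd; a key that does not match the certificate prevents mod_ssl from starting.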

Step 3: Install a self-signed local SSL certificate on Apache.

4. Once the SSL certificate file has been generated, it is time to install the certificate in the Apache web server configuration. Open and edit the configuration file /etc/httpd/conf.d/ssl.conf.

$ sudo vi /etc/httpd/conf.d/ssl.conf

Make sure the following lines appear between the virtual host tags.

ServerAdmin [Email Protection]
ServerName www.tecmint.local
ServerAlias tecmint.local

DocumentRoot /var/www/html

SSLEngine on
SSLCertificateFile /etc/ssl/private/tecmint.local.crt
SSLCertificateKeyFile /etc/ssl/private/tecmint.local.key

Save the file and close it. To apply the changes, restart Apache with the command:

$ sudo systemctl restart httpd

5. To allow remote users to access your server, you need to open port 443 in the firewall, as shown.

$ sudo firewall-cmd --add-port=443/tcp --zone=public --permanent
$ sudo firewall-cmd --reload

Step 4: Testing a self-signed local SSL Certificate on Apache

With all the configuration in place, start your browser and browse to the server using the server IP address or the domain name over https.

To simplify testing, consider redirecting the HTTP protocol to HTTPS on the Apache web server. This allows you to automatically redirect the domain to the HTTPS protocol each time you browse a domain using the HTTP protocol.

So browse to your server’s domain name or IP address.

https://domain_name/

You will receive a warning that the connection is not secure, as shown in the picture. It can be different for different browsers. As you may have guessed, the warning is due to the fact that the SSL certificate is not signed by a CA, and the browser flags this and informs you that the certificate is not trusted.

[Screenshot: SSL warning]

To access your website, click on the Advanced tab as shown above:

[Screenshot: SSL certificate warnings]

Then add an exception to your browser.

[Screenshot: Confirm security exception]

Finally, restart your browser and note that you can now access the server, although a warning will appear in the URL bar indicating that the site is not completely secure, for the same reason: the SSL certificate is self-signed and not signed by a CA.

[Screenshot: HTTPS website access]

We hope you can now continue to create and install a self-signed SSL certificate on your local Apache server with CentOS 8.
