|  Home

VPS & Dedicated Servers (Hosting Control Center) Help

How to install OpenSSL on CentOS using a self-signed certificate

Since visitors and search engines put increased trust into sites that are secured with SSL, certificate usage is on the rise. While you would often use a trusted certificate from a well-known CA, sometimes it makes sense to use a self-signed cert. This is especially true when setting up a test or development environment. It takes a few minutes, but it's pretty straightforward and gives you the nice little lock in the browser bar when it's working. I set mine up on my VPS and it worked without issue.

DIFFICULTY Basic - 1 | Medium - 2 | Advanced - 3
RELATED PRODUCTS CentOS-based VPS or dedicated servers


Install the necessary libraries

yum install mod_ssl

Create a directory to store the keys

mkdir /etc/httpd/pki

Create a self-signed certificate

openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/httpd/pki/apache.key -out /etc/httpd/pki/apache.crt

You'll be asked to fill out a few fields. The most important line is "Common Name." Enter your official domain name here or, if you don't have one yet, enter your site's IP address.

Edit the config file

vi /etc/httpd/conf.d/ssl.conf

Scroll down until you find the VirtualHost _default_:443 section.

Uncomment the DocumentRoot and ServerName lines.

Change example.com in the ServerName line to either your domain name or server's IP address. Important: This needs to match the common name on the certificate.

ServerName example.com:443

Scroll down and ensure that SSL is configured with the following lines.

SSLEngine on
SSLCertificateFile /etc/httpd/pki/apache.crt
SSLCertificateKeyFile /etc/httpd/pki/apache.key

Save and exit.

Restart Apache

/etc/init.d/httpd restart

That's it!

Test the configuration

Browse to https://your domain name

You should see your site over an SSL connection.

Note: Your browser will likely ask you to trust the self-signed certificate before allowing access to the site. This is an artifact of using a self-signed certificate. For using a certificate that is globally-trusted, here is a link on how to get a trusted SSL certificate.

Note: As a courtesy, we provide information about how to use certain third-party products, but we do not endorse or directly support third-party products and we are not responsible for the functions or reliability of such products. Third-party marks and logos are registered trademarks of their respective owners. All rights reserved.

Was This Article Helpful?
Thanks for your feedback. To speak with a customer service representative, please use the support phone number or chat option above.
Glad we helped! Anything more we can do for you?
Sorry about that. Tell us what was confusing or why the solution didn’t solve your problem.