Have you ever thought of installing an SSL certificate, also referred to as a digital certificate, on your CentOS or Fedora server? If the answer is no, why take a chance in an era where stealing information has become so easy with thousands of readily available software tools? Business websites, whether large or small, are targeted by hackers without much effort. Google even grants a higher page rank to sites that are encrypted and served with the https:// prefix. SSL certificates are small data files that digitally bind a cryptographic key to an organisation’s details.
To install a digital certificate on a CentOS or Fedora server running Apache httpd, one first needs to acquire the certificate. First, let’s brush up on the background of the certificates and the steps involved in the installation process.
Different categories of SSL digital certificates
The number of organisations using SSL certificates has increased greatly over the last few years. Organisations are also expected to install an SSL certificate on their web server to establish secure sessions with browsers. SSL certificates create an encrypted channel between the client and the server. As the applications of SSL certificates have expanded, 3 types of SSL certificates are now available:
Extended Validation (EV) SSL Certificate:
A trusted third party called a Certificate Authority (CA) authenticates the applicant's right to use the specific domain name through thorough scrutiny. The EV guidelines define the process for issuing EV SSL Certificates. Below are the steps required of a CA before a certificate can be issued:
- The physical, operational and legal existence of the entity should be verified.
- The entity's identity should be verified to match its details in official records.
- The entity's right to use the domain specified in the EV SSL Certificate is verified.
- It is thoroughly verified that the entity has properly authorised the issuance of the EV SSL Certificate.
Domain ownership is validated through this kind of certificate, which exhibits the ownership information: the site owner’s name, city, state and country.
Domain Validation (DV) SSL Certificates:
This certificate validates that the domain name is registered and that the applicant has admin rights to the website. A secure browser connection is established if the certificate is signed by a trusted CA.
Wildcard SSL Certificates: A wildcard SSL certificate is the best option for securing unlimited sub-domains.
How to fix the web with an SSL certificate
To begin with, the first requirement is to buy or acquire the SSL certificate.
After the order for a CA-approved SSL certificate is placed, the delivery time varies between DV and EV SSL certificates, from hours to weeks. The CA gives the green signal to download the certificate. A 7-step process is followed for the download:
- Log in to the Account Manager.
- Click SSL Certificates.
- Choose the required certificate and click Manage.
- Click View Status in the Actions column.
- Click Download.
- Select the type of server required to download the zip file.
- Store the downloaded file safely for future use.
1. Log in to the server using SSH, and make sure you have root access to the server.
2. Install the OpenSSL client software.
Code:
yum install mod_ssl openssl
3. Create a directory to store the server's encryption key and its certificate.
Code:
mkdir /etc/httpd/ssl
5. The ssl.conf or httpd.conf file can now be edited as in the example below. Here we are working with ssl.conf.
Code:
vi /etc/httpd/conf.d/ssl.conf
Code:
DocumentRoot /var/www/html
ServerName www.yourdomainname.com
SSLEngine on
SSLCertificateFile /path/to/your_certificate.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/your_cabundle.crt
Code:
apachectl configtest
Code:
# Either of the following restarts Apache (the service is named httpd on CentOS and Fedora)
/etc/init.d/httpd restart
service httpd restart
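Before the restart it is worth confirming that the files named in SSLCertificateFile and SSLCertificateKeyFile actually belong together, that the private key is not readable by other users, and that the certificate has not expired. The script below is an added example, not part of the original procedure; its function names are hypothetical, and make_constructed_pair only generates a throwaway self-signed pair for trying the checks offline.

```bash
#!/usr/bin/env bash
# Added example: checks on the certificate and key that ssl.conf points at.
# Function names are hypothetical; arguments are PEM file paths.

# Succeed only if the certificate's public key equals the one derived from
# the private key, i.e. the two files belong together.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeed only if the key is a regular file with no group/other permission
# bits set (mode string like -rw-------). Symlinks and directories fail.
key_perms_ok() {
    case "$(ls -ld -- "$1" 2>/dev/null)" in
        -???------*) return 0 ;;
    esac
    return 1
}

# Run every check; the return code identifies the first failure.
preflight() {
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2" >&2; return 1; }
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group/other" >&2; return 2; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "FAIL: $1 has expired or is unreadable" >&2; return 3; }
    echo "OK: $1 and $2 are consistent"
}

# Constructed sample input: a throwaway self-signed pair written to
# directory $1 as $2.key / $2.crt, for trying the checks offline.
make_constructed_pair() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -subj "/CN=www.yourdomainname.com" \
        -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# Usage: ./preflight.sh /path/to/your_certificate.crt /path/to/your_private.key
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

If the permission check fails, chmod 600 on the key file (owned by root) is the usual correction.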