Red Hat Knowledgebase

You can get an SSL certificate from a Certificate Authority (CA). A certificate from a reputable CA guarantees that a website is associated with a particular reputable company or organization, the CA. Most CA signed certificates are automatically accepted by a user's browser and users will not be prompted by the browser to accept the certificate to create the secure connection. Use the following instructions:

1. Remove the stock SSL certificate and key (or move them to a different location):

       # cd /etc/httpd/conf
       # rm ssl.key/server.key
       # rm ssl.crt/server.crt
   

2. Make a private key:

   # make genkey

   The server.key file should be owned by the root user on the system and should not be accessible to any other user. Make a backup copy of this file and keep the backup copy in a safe, secure place.

3. Generate a certificate request:

   # make certreq

4. Send the generated CSR to the CA.

   Follow the instructions provided on the CA's website. Their instructions will tell you how to send your certificate request, any other documentation that they require, and your payment, to them.

5. Put the CA certificate in the /etc/httpd/conf/ssl.crt/server.crt file.

   After you have fulfilled the CA's requirements, they will send a certificate to you (usually by email). Save (or cut and paste) the certificate that they send you as /etc/httpd/conf/ssl.crt/server.crt. Be sure to keep a backup of this file.

6. Restart the Apache server:
   

   # /sbin/service httpd restart

Note: when Apache is running as a secure server, the system will prompt for the password on server reboots. If you would like to prevent this see the an additional article in the Knowledgebase with more details on how to bypass entering the password on server reboots. This is not as secure and the default.