Although self-signed certificates provide the same level of security between website and browser, most web browsers display a security alert stating that the website certificate is self-signed and cannot be trusted, because it is not signed by a certificate authority.
Commercial certificates are authorised certificates issued by a trusted certificate authority, and they are highly recommended for production environments. It is required to set up a self-signed certificate.
Now that Apache is ready to use encryption, we can move on to generating a new SSL certificate. While creating the certificate, it will require some basic information about your site, and will be accompanied by a key file that allows the server to securely handle encrypted data.
Let us make this directory "private", accessible only to the root user, for security purposes.
Let us now create the certificate along with the SSL key. This can be done with `openssl` along with additional.
We need Apache to be able to read the file, without user intervention, when the server starts up. A passphrase would prevent this from happening, since we would have to enter it after every restart.
We set it for one year here. Now, all the certificates are ready. The next thing to do is to set up Apache to display the new certificates. Users cannot use it to validate the identity of their server automatically.
It uses the certbot software tool to administer certificates automatically. Certbot is a highly automated tool. You should first read our tutorial on how to install Apache on CentOS 7 if you need assistance with configuring your firewall and virtual hosts.
Use the command terminal to install the EPEL repository and yum-utils:
Once the installation runs its course, you can start the process to obtain a certificate by entering:
The client asks you to provide an email address and to read and accept the Terms of Services. Certbot then lists the domains available on your server.
Once you have made your choices, the message on the terminal confirms that you have enabled encryption for your domain. The certbot renew command checks the installed certificates and tries to renew them if they are less than 30 days away from expiration. To automate this process, create a cron job to execute the command periodically.
Use your preferred text editor to define how often to execute the renew command:
Our detailed guide on how to generate a certificate signing request (CSR) with OpenSSL is an excellent resource if you need assistance with this process.
You can now install the certificate on your CentOS 7 server. After you have successfully certified the domain and placed the key files on the server, the next step is to configure the virtual hosts to display the certificate. Test your Apache configuration before restarting. Make sure that the syntax is correct by typing:
A self-signed certificate is useful for testing, in development environments, and on an intranet. Proceed to configure the virtual host to display the new certificate.
To make sure that the syntax is correct, type:
Confirm the status of your certificate and check that all the details are correct. The green padlock indicates that the additional layer of encryption is present. Your new SSL certificate ensures that all data passing between the web server and browsers remains private and secure.
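The self-signed steps described above (a directory restricted to its owner, a key without a passphrase, one year of validity) together with a 30-day expiry check, as an added example that is not from the original tutorial. The function names, the `server.key`/`server.crt` file names and the directory argument are assumptions, and applying the 30-day window that `certbot renew` uses to a self-signed certificate is also an assumption.

```shell
#!/usr/bin/env bash
# Added example. Paths, file names and the CN are constructed for illustration.

# Create an owner-only directory, then a self-signed certificate and key in it.
make_selfsigned() {
    local dir="$1" cn="$2"
    mkdir -p "$dir" && chmod 700 "$dir" || return 1
    # -nodes: no passphrase, so Apache can read the key unattended at startup.
    # -days 365: one year of validity, as in the text.
    # umask 077 keeps the new key unreadable by group and other.
    ( umask 077
      openssl req -x509 -nodes -days 365 -newkey rsa:2048 \
          -subj "/CN=$cn" \
          -keyout "$dir/server.key" -out "$dir/server.crt" 2>/dev/null
    ) || return 1
}

# Succeeds (exit 0) when the certificate expires within the given number of days.
needs_renewal() {
    local crt="$1" days="$2"
    # -checkend exits 0 if the certificate is still valid after that many seconds.
    ! openssl x509 -in "$crt" -noout -checkend $(( days * 86400 )) >/dev/null
}

# Succeeds when the key is mode 600 and its public half matches the certificate.
key_is_sound() {
    local dir="$1" mode
    mode=$(stat -c '%a' "$dir/server.key") || return 1
    [ "$mode" = "600" ] || return 1
    [ "$(openssl x509 -in "$dir/server.crt" -noout -pubkey | openssl sha256)" = \
      "$(openssl pkey -in "$dir/server.key" -pubout | openssl sha256)" ]
}
```

Because the key carries no passphrase, the file mode and the directory mode are the only protection it has, which is why `key_is_sound` checks them before anything else.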