June 13, 2024

How to install SSL Certificate with Comodo For Centos 7

The First step is to submit the CSR (Certificate Signing Request) Certificate to the Certification Authority. Certification Authority means from where you bought your SSL Certificate.

Following are the process for generating a CSR Certificate:-

STEP 1:- Log Into Your Server

Open terminal window to connect to your server through SSH. Access to a user account with root or sudo privileges.

Step 2: Install openssl on your server

Commands to Install openssl are as follows. If already Installed ignore this steps:-

yum group install 'Development Tools' && yum install perl-core libtemplate-perl zlib-devel 
wget -c https://www.openssl.org/source/openssl-1.0.2p.tar.gz
tar -xzvf openssl-1.0.2p.tar.gz
cd openssl-1.0.2p
make test
sudo make install
mv /usr/bin/openssl/root
ln -s /usr/local/ssl/bin/openssl/ /usr/bin/openssl
openssl version

Step 2: Create an RSA Private Key and CSR

It is advised to issue a new private key each time you generate a CSR. Hence, the steps below instruct on how to generate both the private key and the CSR.

openssl req -new -newkey rsa:2048 -nodes -keyout your_domain.key -out your_domain.csr

Make sure to replace your_domain with the actual domain you’re generating a CSR for.

The commands are broken out as follows:

  • openssl – activates the OpenSSL software
  • req – indicates that we want a CSR
  • –new –newkey – generate a new key
  • rsa:2048 – generate a 2048-bit RSA mathematical key
  • –nodes – no DES, meaning do not encrypt the private key in a PKCS#12 file
  • –keyout – indicates the domain you’re generating a key for
  • –out – specifies the name of the file your CSR will be saved as

Step 3: Enter Your CSR Information

Your system should launch a text-based questionnaire for you to fill out.

Enter your information in the fields as follows:

  • Country Name – use a 2-letter country code (US for the United States)
  • State – the state in which the domain owner is incorporated
  • Locality – the city in which the domain owner is incorporated
  • Organization name – the legal entity that owns the domain
  • Organizational unit name – the name of the department or group in your organization that deals with certificates
  • Common name – typically the fully qualified domain name (FQDN), i.e. what the users type in a web browser to navigate to your website
  • Email address – the webmaster’s email address
  • Challenge password – an optional password for your key pair

Please take into account that Organization Name and Unit Name must not contain the following characters:

< > ~ ! @ # $ % ^ * / \ ( ) ?.,&

Step 4: Locate Certificate Signing Request File

Once the software finishes, you should be able to find the CSR file in your working directory.

You can also enter the following:

ls *.csr

Now open the .csr file and submit the alphanumeric code to your SSL provider.

Once Comodo verifies your CSR the request, download the SSL files. Copy them (ComodoRSACA.crt) and the Primary Certificate (yourdomain.crt), to your Apache server directory. The private key generated during the CSR (Certificate Signing Request) process needs to be on the same server.

Configure Virtual Hosts for SSL

Open the SSL configuration file and comment the virtual host line, and paste the following virtual host.

<VirtualHost *:443>
     DocumentRoot /var/www/html/abxzyx.com
     ServerName abxzyx.com
     SSLEngine On
     SSLCertificateFile /etc/ssl/private/abxzyx.com.crt
     SSLCertificateKeyFile /opt/abxzyx.txt
     SSLCertificateChainFile /etc/ssl/private/abxzyx.com.ca-bundle

After that save and exit.

Test your apache configuration before restarting.

httpd -t

Once the system confirms that the syntax is correct, restart Apache:

sudo systemctl restart httpd

You have now set up your Apache server to use the SSL certificate. 🙂

Vedant Kumar

Currently I'm working as an Implementation Engineer, Started my career as an System Administrator - Linux. Additionally loves to explore new technologies and research about new open-source software that ease the development cycle.

View all posts by Vedant Kumar →

Leave a Reply

Your email address will not be published. Required fields are marked *

The reCAPTCHA verification period has expired. Please reload the page.


Ad Blocker Detected!

We've noticed that you are using an ad blocker. Advertising helps fund our server cost and keep it truly independent. It helps to build our content creator team. So please disable your ad blocker, and help us to keep providing you with free- great content - for free. Thank you for your support.