How to Get Free SSL Certificate in Linux | Arkit

This guide shows how to generate your own self-signed SSL certificate for internal use. Nowadays any website or internal web service needs an SSL certificate.

What is SSL?

In general terms, SSL provides another layer of security by encrypting your data as it travels over the internet. Secure Sockets Layer (SSL) is a standard security protocol for encrypting communication between a web server and a browser.

Without an SSL certificate, a web server using plain HTTP sends sensitive data, such as user names and passwords or bank details like credit card information, in plain text.

Self-Signed SSL Certificate in Linux

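SSL certificates are normally issued by a Certificate Authority. If you want to generate your own instead, you can, but for internal use only, not for external or public internet sites. Because no Certificate Authority vouches for a self-signed certificate, browsers and other clients will not trust it until it is added to their trust store.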

Install Webserver services

# yum install httpd* mod_ssl

After the Apache/HTTPD packages are installed, enable and start the web server service using the commands below

# systemctl enable httpd.service
# systemctl start httpd.service

Open the firewall to allow the HTTP and HTTPS protocols

# firewall-cmd --permanent --add-service=http
# firewall-cmd --permanent --add-service=https
# firewall-cmd --reload

Generate Self-Signed SSL Certificate

To generate a self-signed SSL certificate, follow the steps below on Linux RHEL 7 or CentOS 7

$ sudo openssl req -new > certificate.csr
Generating a 2048 bit RSA private key
....................................................+++
writing new private key to 'privkey.pem'
Enter PEM pass phrase:
Verifying - Enter PEM pass phrase:
-----
Country Name (2 letter code) [XX]:IN
State or Province Name (full name) []:Telangana
Locality Name (eg, city) [Default City]:Hyderabad
Organization Name (eg, company) [Default Company Ltd]:Server Computer
Organizational Unit Name (eg, section) []:IT
Common Name (eg, your name or your server's hostname) []:server-computer.local
Email Address []:

Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:redhat
An optional company name []:server computer

$ ls
certificate.csr privkey.pem

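Now generate the .key file from the .pem file using the command below. It writes an unencrypted copy of the private key, so the web server can load it without asking for the pass phrase.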

$ openssl rsa -in privkey.pem -out keyfile.key
Enter pass phrase for privkey.pem:
writing RSA key

The final step creates the certificate file

$ openssl x509 -in certificate.csr -out cert.cert -req -signkey keyfile.key -days 365
Signature ok
subject=/C=IN/ST=Telangana/L=Hyderabad/O=Server Computer/OU=IT/CN=server-computer.local
Getting Private key

Secure SSL Certificates

To prevent access by anybody else, move the certificate and key to a secure place and change the permissions

# mkdir -p /etc/pki/tls/private/
# mkdir -p /etc/pki/tls/certs/
# mv cert.cert /etc/pki/tls/certs/server.crt
# mv keyfile.key /etc/pki/tls/private/server.key
# chmod 600 /etc/pki/tls/private/server.key

Now write the SSL configuration to enable HTTPS communication

# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
 ServerAdmin root@localhost
 ServerName server-computer.local
 DocumentRoot /var/www/html
 SSLEngine on
 SSLProtocol all -SSLv2 -SSLv3
 SSLCipherSuite HIGH:MEDIUM:!aNULL:!MD5
 SSLHonorCipherOrder on
 SSLCertificateFile /etc/pki/tls/certs/server.crt
 SSLCertificateKeyFile /etc/pki/tls/private/server.key
</VirtualHost>

Ensure the above parameters are set in the ssl.conf file, then restart the Apache (httpd) web server service.

Add a host entry in /etc/hosts and check the configuration syntax

# httpd -t

Now access your web server using https://url. That's it: you have successfully generated a self-signed SSL certificate and configured the web server.
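
The generate, protect and verify steps above as a non-interactive script (an added example, not part of the original article; the function names and the scratch directory are assumptions). It creates an unencrypted key directly instead of stripping a pass phrase, and checks that the certificate matches the key and that the key is not readable by others before httpd is restarted.

```shell
#!/bin/sh
# Added example, not from the article. Function names are hypothetical.

# make_selfsigned DIR CN [DAYS] -> DIR/server.key and DIR/server.crt
make_selfsigned() {
    dir=$1; cn=$2; days=${3:-365}
    mkdir -p "$dir" || return 1
    # umask 077 in a subshell: the key is created 0600 from the start
    ( umask 077; openssl genrsa -out "$dir/server.key" 2048 2>/dev/null ) \
        || return 1
    openssl req -new -key "$dir/server.key" -subj "/CN=$cn" \
        -out "$dir/server.csr" 2>/dev/null || return 1
    openssl x509 -req -in "$dir/server.csr" -signkey "$dir/server.key" \
        -days "$days" -out "$dir/server.crt" 2>/dev/null || return 1
    rm -f "$dir/server.csr"
}

# cert_matches_key CRT KEY: true when both hold the same public key
cert_matches_key() {
    crt_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl rsa -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$crt_pub" ] && [ "$crt_pub" = "$key_pub" ]
}

# key_is_private KEY: true when group and others have no permission bits
key_is_private() {
    mode=$(stat -c '%a' "$1") || return 1   # GNU stat, as on RHEL/CentOS
    case $mode in *00|0) return 0 ;; *) return 1 ;; esac
}

# preflight CRT KEY: checks to run before restarting httpd
preflight() {
    cert_matches_key "$1" "$2" || { echo "cert/key mismatch" >&2; return 1; }
    key_is_private "$2" || { echo "key readable by others" >&2; return 1; }
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1 \
        || { echo "certificate expired" >&2; return 1; }
}

# Constructed usage: build a pair in a scratch directory and check it
if [ "${1:-}" = "demo" ]; then
    tmp=$(mktemp -d) && make_selfsigned "$tmp" server-computer.local \
        && preflight "$tmp/server.crt" "$tmp/server.key" && echo "ok: $tmp"
fi
```

On the server, the same preflight applies to /etc/pki/tls/certs/server.crt and /etc/pki/tls/private/server.key.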
