Create a Self-Signed Certificate for Apache SSL on CentOS

A self-signed certificate can be used for many things; here it provides HTTP over SSL (HTTPS) from Apache. In many cases a CA-signed certificate is not required: a self-signed certificate offers the same level of encryption at no cost, if you can live with the warnings (or install the cert in your keystore).

Install ModSSL and OpenSSL

Use yum to get OpenSSL and ModSSL plus dependencies.

yum -y install mod_ssl openssl

Generate the key, certificate signing request, and certificate.

This will generate a 2048-bit RSA key and a certificate valid for ~10 years (3650 days).

mkdir -p /etc/httpd/ssl
cd /etc/httpd/ssl
openssl genrsa -out ssl.key 2048
openssl req -new -key ssl.key -out ssl.csr
openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt
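
Added example (not part of the original post): the same three commands wrapped in a function that runs without prompts, followed by checks worth running before Apache is pointed at the files. The function names, the -subj value and the owner-only umask are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. DIR and CN are caller-chosen.

# make_selfsigned DIR CN: the three commands above, non-interactive via -subj.
make_selfsigned() {
    dir=$1; cn=$2
    mkdir -p "$dir" || return 1
    (
        umask 077                      # new files readable by owner only
        cd "$dir" || exit 1
        openssl genrsa -out ssl.key 2048 2>/dev/null &&
        openssl req -new -key ssl.key -subj "/CN=$cn" -out ssl.csr &&
        openssl x509 -req -days 3650 -in ssl.csr -signkey ssl.key -out ssl.crt
    )
}

# key_matches_cert KEY CRT: true when both carry the same RSA modulus.
key_matches_cert() {
    k=$(openssl rsa -noout -modulus -in "$1" 2>/dev/null) || return 1
    c=$(openssl x509 -noout -modulus -in "$2" 2>/dev/null) || return 1
    [ -n "$k" ] && [ "$k" = "$c" ]
}

# is_self_signed CRT: true when issuer and subject are identical (name check only).
is_self_signed() {
    i=$(openssl x509 -noout -issuer -in "$1") || return 1
    s=$(openssl x509 -noout -subject -in "$1") || return 1
    [ "${i#issuer=}" = "${s#subject=}" ]
}

# valid_for_days CRT N: true when the certificate is still valid N days from now.
valid_for_days() {
    openssl x509 -noout -checkend "$(( $2 * 86400 ))" -in "$1" >/dev/null
}

# key_is_private KEY: true when the key file mode is exactly rw-------.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c1-10)" = "-rw-------" ]
}
```

For the setup on this page the call would be make_selfsigned /etc/httpd/ssl my.server.com, with the CN matching the ServerName used in the VirtualHost.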

Use Self-Signed Certificate with Apache.

You can now use the key and crt files in Apache, either in the general configuration included by default in /etc/httpd/conf.d/ssl.conf or in a VirtualHost as below.

<VirtualHost *:443>
	ServerName my.server.com
	DocumentRoot /var/www/html

	# Enable SSL and specify the certificate and key
	SSLEngine on
	SSLCertificateFile      /etc/httpd/ssl/ssl.crt
	SSLCertificateKeyFile   /etc/httpd/ssl/ssl.key

	# If you are reverse proxying from HTTP to HTTPS make sure to include a header rewrite
	#Header edit Location ^http: https:
</VirtualHost>
