How to install mod_ssl on RHEL 8 / CentOS 8 with httpd Apache webserver

The mod_ssl module provides SSL v3 and TLS v1.x support for the Apache HTTP Server. This article provides you with a basic step by step mod_ssl configuration on RHEL 8 / CentOS 8 Linux server with httpd Apache webserver.

In this tutorial you will learn:

  • How to install mod_ssl
  • How to enable mod_ssl
  • How to create a self-signed certificate
  • How to include existing SSL certificate into httpd configuration
  • How to redirect all non-ssl HTTP traffic to HTTPS

Basic mod_ssl module configuration on RHEL 8 / CentOS 8 with Apache webserver

Basic mod_ssl module configuration on RHEL 8 / CentOS 8 with Apache webserver

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System RHEL 8 / CentOS 8
Software mod_ssl-2.4.35-6.el8
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # – requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ – requires given linux commands to be executed as a regular non-privileged user

How to install mod_ssl on RHEL 8 / CentOS 8 step by step instructions

This article assumes that you have already performed a basic installation and configuration of Apache webserver on your RHEL 8 / CentOS 8 server.

  1. Install mod_ssl module.The first step is to install mod_ssl module using dnf command:
    # dnf install mod_ssl
  2. Enable mod_ssl module. In case that you have just installed mod_ssl, the module may not be enabled yet. To test whether mod_ssl is enabled execute:
    # apachectl -M | grep ssl

    In case you see no output from the above command your mod_ssl is not enabled. To enable the mod_ssl module restart your httpd Apache webserver:

    # systemctl restart httpd
    # apachectl -M | grep ssl
     ssl_module (shared)
  3. Open TCP port 443 to allow incoming traffic with https protocol:
    # firewall-cmd --zone=public --permanent --add-service=https
    # firewall-cmd --reload
    At this point you should be able to access your Apache webserver via HTTPS protocol. Navigate your browser to https://your-server-ip or https://your-server-hostname to confirm mod_ssl configuration.

  4. Generate SSL certificate. In case you do not already posses a proper SSL certificates for your server use the below command to generate new self-signed certificate.

    For example let’s generate a new self-signed certificate for host rhel8 with 365 days expiry:

    # openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd.key -x509 -days 365 -out /etc/pki/tls/certs/httpd.crt
    Generating a RSA private key
    writing new private key to '/etc/pki/tls/private/httpd.key'
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    Country Name (2 letter code) [XX]:AU
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:rhel8
    Email Address []:

    After successful execution of the above command the following two SSL files will be created:

    # ls -l /etc/pki/tls/private/httpd.key /etc/pki/tls/certs/httpd.crt
    -rw-r--r--. 1 root root 1269 Jan 29 16:05 /etc/pki/tls/certs/httpd.crt
    -rw-------. 1 root root 1704 Jan 29 16:05 /etc/pki/tls/private/httpd.key
  5. Configure Apache web-server with new SSL certificates.To include your newly created SSL certificate into the Apache web-server configuration open the /etc/httpd/conf.d/ssl.conf file with administrative privileges and change the following lines:
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
    SSLCertificateKeyFile /etc/pki/tls/private/httpd.key

    Once ready reload the httpd Apache web-server:

    # systemctl reload httpd

  6. Test your mod_ssl configuration by navigating the web browser to https://your-server-ip or https://your-server-hostname URL.
  7. As an optional step redirect all HTTP traffic to HTTPS.T do so create a new file /etc/httpd/conf.d/redirect_http.conf with a following content:
    <VirtualHost _default_:80>
            Servername rhel8
            Redirect permanent / https://rhel8/

    To apply the change reload the httpd daemon:

    # systemctl reload httpd

    The above configuration will redirect any incoming traffic from http://rhel8 to https://rhel8 URL. For more information about TLS/SSL configuration on RHEL Linux server visit our How to setup SSL/TLS with Apache httpd on Red Hat guide.