The mod_ssl module provides SSL v3 and TLS v1.x support for the Apache HTTP Server. This article provides you with a basic step by step mod_ssl configuration on RHEL 8 / CentOS 8 Linux server with httpd Apache webserver.

In this tutorial you will learn:
  • How to install mod_ssl
  • How to enable mod_ssl
  • How to create a self-signed certificate
  • How to include existing SSL certificate into httpd configuration
  • How to redirect all non-ssl HTTP traffic to HTTPS
Basic mod_ssl module configuration on RHEL 8 / CentOS 8 with Apache webserver
Basic mod_ssl module configuration on RHEL 8 / CentOS 8 with Apache webserver

Software Requirements and Conventions Used

Software Requirements and Linux Command Line Conventions
Category Requirements, Conventions or Software Version Used
System RHEL 8 / CentOS 8
Software mod_ssl-2.4.35-6.el8
Other Privileged access to your Linux system as root or via the sudo command.
Conventions # - requires given linux commands to be executed with root privileges either directly as a root user or by use of sudo command
$ - requires given linux commands to be executed as a regular non-privileged user

How to install mod_ssl on RHEL 8 / CentOS 8 step by step instructions


SUBSCRIBE TO NEWSLETTER
Subscribe to Linux Career NEWSLETTER and receive latest Linux news, jobs, career advice and tutorials.


This article assumes that you have already performed a basic installation and configuration of Apache webserver on your RHEL 8 / CentOS 8 server.

  1. Install mod_ssl module.

    The first step is to install mod_ssl module using dnf command:
    # dnf install mod_ssl
    
  2. Enable mod_ssl module.

    In case that you have just installed mod_ssl, the module may not be enabled yet. To test whether mod_ssl is enabled execute:
    # apachectl -M | grep ssl
    
    In case you see no output from the above command your mod_ssl is not enabled. To enable the mod_ssl module restart your httpd Apache webserver:
    # systemctl restart httpd
    # apachectl -M | grep ssl
     ssl_module (shared)
    
  3. Open TCP port 443 to allow incoming traffic with htttps protocol:
    # firewall-cmd --zone=public --permanent --add-service=https
    success
    # firewall-cmd --reload
    success
    
    NOTE
    At this point you should be able to access your Apache webserver via HTTPS protocol. Navigate your browser to https://your-server-ip or https://your-server-hostname to confirm mod_ssl configuration.


  4. Generate SSL certificate.

    In case you do not already posses a proper SSL certificates for your server use the below command to generate new self-signed certificate.

    For example let's generate a new self-signed certificate for host rhel8 with 365 days expiry:
    # openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd.key -x509 -days 365 -out /etc/pki/tls/certs/httpd.crt
    Generating a RSA private key
    ................+++++
    ..........+++++
    writing new private key to '/etc/pki/tls/private/httpd.key'
    -----
    You are about to be asked to enter information that will be incorporated
    into your certificate request.
    What you are about to enter is what is called a Distinguished Name or a DN.
    There are quite a few fields but you can leave some blank
    For some fields there will be a default value,
    If you enter '.', the field will be left blank.
    -----
    Country Name (2 letter code) [XX]:AU
    State or Province Name (full name) []:
    Locality Name (eg, city) [Default City]:
    Organization Name (eg, company) [Default Company Ltd]:LinuxConfig.org
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:rhel8
    Email Address []:
    
    After successful execution of the above command the following two SSL files will be created:
    # ls -l /etc/pki/tls/private/httpd.key /etc/pki/tls/certs/httpd.crt
    -rw-r--r--. 1 root root 1269 Jan 29 16:05 /etc/pki/tls/certs/httpd.crt
    -rw-------. 1 root root 1704 Jan 29 16:05 /etc/pki/tls/private/httpd.key
    
  5. Configure Apache web-server with new SSL certificates.

    To include your newly created SSL certificate into the Apache web-server configuration open the /etc/httpd/conf.d/ssl.conf file with administrative privileges and change the following lines:
    FROM:
    SSLCertificateFile /etc/pki/tls/certs/localhost.crt
    SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
    TO:
    SSLCertificateFile /etc/pki/tls/certs/httpd.crt
    SSLCertificateKeyFile /etc/pki/tls/private/httpd.key
    
    Once ready reload the httpd Apache web-server:
    # systemctl reload httpd
    


  6. Test your mod_ssl configuration by navigating the web browser to https://your-server-ip or https://your-server-hostname URL.
  7. As an optional step redirect all HTTP traffic to HTTPS.

    T do so create a new file /etc/httpd/conf.d/redirect_http.conf with a following content:
    <VirtualHost _default_:80>
            Servername rhel8
            Redirect permanent / https://rhel8/
    </VirtualHost>
    
    To apply the change reload the httpd daemon:
    # systemctl reload httpd
    
    The above configuration will redirect any incoming traffic from http://rhel8 to https://rhel8 URL. For more information about TLS/SSL configuration on RHEL Linux server visit our How to setup SSL/TLS with Apache httpd on Red Hat guide.
ARE YOU LOOKING FOR A LINUX JOB?
Submit your RESUME, create a JOB ALERT or subscribe to RSS feed on LinuxCareers.com.
LINUX CAREER NEWSLETTER
Subscribe to NEWSLETTER and receive latest news, jobs, career advice and tutorials.
DO YOU NEED ADDITIONAL HELP?
Get extra help by visiting our LINUX FORUM or simply use comments below.