Enable https on your CentOS home server

I assume you already have Apache installed and up and running. 

These are the steps I took to enable https on my home server. I had a bit of a struggle, since some of the explanations I read had a few shortcomings and/or contradictions. I did the following steps to get my https up and running:

1. Install the software needed.

You will need OpenSSL and mod_ssl, Apache's interface to OpenSSL. Install them with the following:

$ yum install mod_ssl openssl

2. Create your keys

You must create a self-signed certificate. If you want the "real thing", you have to provide a trusted certificate from a vendor selling them, but for personal use, this will do. During this process, you will be asked to provide your hostname. Make sure it matches what you get when you run the command

$ hostname 

First, generate the private key with the command

$ openssl genrsa -out ca.key 2048

Then generate the CSR (certificate signing request - http://en.wikipedia.org/wiki/Certificate_signing_request)

$ openssl req -new -key ca.key -out ca.csr  

Make sure you type in the hostname correctly, as explained above.

Then, generate the self-signed certificate

$ openssl x509 -req -days 365 -in ca.csr -signkey ca.key -out ca.crt

3. Copy the newly created files to the correct locations

$ cp ca.crt /etc/pki/tls/certs
$ cp ca.key /etc/pki/tls/private/ca.key
$ cp ca.csr /etc/pki/tls/private/ca.csr  

4. Update the Apache config files

I use nano as my editor, so I type

$ nano /etc/httpd/conf.d/ssl.conf

In this file (that may be empty the first time you try this) I put in the following lines

SSLCertificateFile /etc/pki/tls/certs/ca.crt
SSLCertificateKeyFile /etc/pki/tls/private/ca.key

Then it's time to set up the port and the virtual host for Apache

$ nano /etc/httpd/conf/httpd.conf

First, enable mod_ssl. Add the following line in the LoadModule section

LoadModule ssl_module modules/mod_ssl.so

Then add the following line where you have "Listen 80"

Listen 443

Continue by adding

NameVirtualHost *:443

near the line NameVirtualHost *:80

Finally, you want to set up the virtual host. Add the lines

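<VirtualHost *:443>
        SSLEngine on
        # Certificate and private key copied into place in step 3
        SSLCertificateFile /etc/pki/tls/certs/ca.crt
        SSLCertificateKeyFile /etc/pki/tls/private/ca.key
        # DocumentRoot belongs at virtual host level, not inside <Directory>
        DocumentRoot /var/www/html
        <Directory /var/www/html>
                AllowOverride All
        </Directory>
        ServerName yoursite.com
        ErrorLog /var/log/ssl.log
</VirtualHost>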

That's it. Now you only have to restart the httpd and open up your firewall.

$ nano /etc/sysconfig/iptables

and add

-A INPUT -p tcp -m state --state NEW -m tcp --dport 443 -j ACCEPT

Restart the firewall

$ service iptables restart

Restart the httpd

$ service httpd restart

You should now be able to visit your home server with 


You will probably get some warnings, since the certificate is not trusted, but it is good enough for personal use.
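
The hostname match from step 2 and the key handling from step 3 can be checked mechanically. The script below is an added example, not part of the original post: it repeats the three openssl commands non-interactively in a scratch directory (using -subj and the constructed hostname homeserver.example), then verifies that the key is readable only by its owner, that the certificate belongs to that key, and that the CN equals the expected hostname. The function names make_pair, cert_cn and check_pair are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post): check a key/certificate pair
# before Apache is pointed at it. Host name and paths are constructed samples.

# make_pair DIR HOST: the three openssl commands from step 2, with -subj
# supplying the hostname so nothing is typed interactively.
make_pair() {
    dir=$1 host=$2
    (
        umask 077   # the key file is created readable by its owner only
        openssl genrsa -out "$dir/ca.key" 2048 2>/dev/null &&
        openssl req -new -key "$dir/ca.key" -subj "/CN=$host" -out "$dir/ca.csr" &&
        openssl x509 -req -days 365 -in "$dir/ca.csr" -signkey "$dir/ca.key" \
            -out "$dir/ca.crt" 2>/dev/null
    )
}

# cert_cn CRT: print the Common Name stored in the certificate.
cert_cn() {
    openssl x509 -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# check_pair KEY CRT HOST: returns 0 only if the key is private to its owner,
# the certificate carries that key's public half, and the CN equals HOST.
check_pair() {
    key=$1 crt=$2 want=$3
    # Characters 5-10 of `ls -l` output are the group and other permission bits.
    [ "$(ls -ld "$key" | cut -c5-10)" = "------" ] ||
        { echo "FAIL: $key is accessible beyond its owner" >&2; return 1; }
    pub=$(openssl pkey -in "$key" -pubout 2>/dev/null)
    [ -n "$pub" ] && [ "$pub" = "$(openssl x509 -in "$crt" -noout -pubkey 2>/dev/null)" ] ||
        { echo "FAIL: $crt was not issued for $key" >&2; return 2; }
    [ "$(cert_cn "$crt")" = "$want" ] ||
        { echo "FAIL: CN is '$(cert_cn "$crt")', expected '$want'" >&2; return 3; }
    echo "OK: $crt matches $key, CN=$want"
}

# Demo in a scratch directory; on the server pass "$(hostname)" and the
# /etc/pki/tls paths from step 3 instead.
work=$(mktemp -d)
make_pair "$work" homeserver.example &&
    check_pair "$work/ca.key" "$work/ca.crt" homeserver.example
rm -rf "$work"
```

A non-zero return code tells you which check failed: 1 for key permissions, 2 for a key/certificate mismatch, 3 for a hostname mismatch.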