5-Step Guide to Install SSL Certificate on Red Hat Linux

When you try to access information from a website, the browser connects with the server and requests data. Cyber attackers can execute man-in-the-middle attacks and access information if your server is not secure. 

Securing servers across operating systems like Red Hat Linux, Windows, and others requires advanced encryption. This is why you must install an SSL certificate on Red Hat Linux makes more sense. 

Secure Socket Layer (SSL) certificates use cryptographic encryptions to secure communications between a browser and a web server. Cryptographic encryptions use two pairs of security keys to encrypt and decrypt information. 

Therefore, when a user tries to access data using a public key, the data encrypted with a private key on the server is decrypted. To ensure your web apps deployed on Red Hat Linux are secure, installing an SSL certificate becomes crucial. 

This article provides an extensive guide to installing SSL on Red Hat Linux.

Steps to Install SSL Certificate on Red Hat Linux (RHEL)

If you want to install an SSL certificate on Red Hat Linux server, the first step will be to choose one from a trustworthy certificate authority (CA) or any reseller authority where you get cheap SSL certificates. There are many different types of SSL certificates available that you can choose from for RHEL apps. 

Once you choose the certificate you want to install, you must generate a Certificate Signing Request (CSR) with a private key. 

Step 1 Generate CSR to install the SSL certificate on the RHEL Apache server.

CSR is a file with information on your domain ownership, business details, location, and registration details. You need to generate CSR and submit it to CA for verification and issuance of SSL certificates.

You can use Open SSL to generate CSR and private keys. Install the Open SSL with the following code, 

$ sudo yum install openssl

Next, use the following commands to generate CSR and private key,

$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr

Further, you will have to provide information for CSR, like, 

  • The country name is a two-letter code of your country.
  • State or province name is where you must provide the full name of the state or region where the company is registered.
  • Locality name is where you need to specify the name of the city or town where the business is located
  • The organization name is the officially registered name of your company. 
  • Organization unit name is often admin details 
  • The common name is often termed a Fully Qualified Domain Name (FQDN), which you want to secure. 
  • Valid email address

Once you enter the above details and submit it, OpenSSL will create two files

  • A file that contains the private key(.key)
  • Another file containing the CSR code(.csr)

Once you have the CSR and private key file, submit it to the CA. Further, after thorough verification, CA will issue a certificate and send it through email. You can download the file from email and save it locally on your machine.

Step 2 Create. Crt file for your SSL certificate

To create a .crt file:

  1. Open your SSL certificate in a text editor from the local storage path.
  2. Copy the entire file content, including “Begin Certificate” and “End Certificate.”
  3. Paste the content into a new file and name it mydomain. crt.

Copy the .crt file to your server directory where you want to store the SSL certificate. Here are some directories where you can store private keys, certificate files, and CA bundles,

  • Store all the SSL certificates in /mydomain/httpd/conf/SSL.crt/
  • Store the private key in /mydomain/httpd/conf/SSL.key/
  • Store bundle files into /mydomain/httpd/conf/ca-bundle/

Step 3 Install an intermediate certificate on the Red Hat Linux server.

Installing an SSL certificate on the Red Hat Linux server is a process of phases. You need to create a chain of certificates, so installing an intermediate certificate becomes essential. Further, using the abovementioned process, you must create a .crt file for intermediate certificates.

Copy the certificate file (/etc/httpd/conf/ssl.crt/intermediatecert.crt) along with the .crt file for the root certificate. Now open the virtual host tag and add the file using the following command.

SSLCACertificateFile /etc/httpd/conf/ssl.crt/intermediate.crt.

Now the intermediate certificate is installed.

Step 4 Install the SSL certificate on the Red Hat Linux server.

Once your intermediate certificate is installed, open the .crt file for the root certificate/SSL certificate and save it as a server file called “server-cert.crt.” Similarly, create a server.crt files for the private key and CA bundle.

Now, add the following directives in your httpd.cnf file (configuration file for HTTP protocol)

  • SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
  • SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
  • SSLCACertificateFile /etc/httpd/conf/ssl.crt/intermediate.crt

Save the httpd.cnf file and restart the RHEL server to check if the SSL certificate is installed.

Step 5 Check the installed SSL certificate on RHEL.  

To check whether the SSL certificate is correctly installed on your RHEL server, use the following command –

$ openssl s_client –showcerts –connect WebServerURL: PortNumber


Replace the “WebServerURL” with your domain name or website and verify the PortNumber accordingly. 

Conclusion 

With increased cybersecurity threats, SSL certificates become essential to avoid attacks like man-in-the-middle (MITM). Installing SSL certificates in the Red Hat Linux server helps improve security and enhance the user experience. We have discussed a five-step process to install an SSL certificate for your RHEL server, but these steps may vary depending on your project requirements.