Install mod_ssl on Almalinux 8 / Rocky Linux 8 for httpd Apache webserver

Apache Module mod_ssl is available to install for getting SSL support in our HTTP server. Here we let you know how to enable mod_ssl & mod_http2 for Apache webserver on Almalinux or Rocky Linux 8 (RHEL based). 

To get SSL v3 and TLS v1.x support on Apache, this article is here that helps in generating the required SSL certificate including the associated private key.

Steps to install mod_ssl on Almalinux 8 / Rocky Linux 8

Install Apache webserver

The first thing you must have on your Linux is the working Apache webserver. It can be installed using single command i.e:

sudo dnf install httpd

Whereas to know more about it, you can see our tutorial – Apache webserver configuration on AlmaLinux or Rocky Linux 8 server

 

Install mod_ssl on Rocky or AlmaLinux

Once you have the Apache webserver, we can easily install the mode_ssl module using the DNF package manager because it is available through the default repository of these RHEL based Linux systems:

sudo dnf install mod_ssl

Install Mod SSL on Almalinux or Rocky Linux for Apache

 

Enable mod_ssl on Rocky Linux or AlmaLinux 8

Well, using the above command, in a few seconds, the module will be installed on your server, however, we have to enable it. For that simply restart the httpd/Apache webserver. So, that it could recognize the same.

sudo systemctl restart httpd

After restarting your web server, confirm that the mod_SSL has been successfully enabled for Apache.

apachectl -M | grep ssl

The output will be:

ssl_module (shared)

Enable Mode SSL for Apache

 

Open port 443 in the firewall for Apache

As SSL (HTTPS) runs on port 443, hence to access it outside the server, we have to open it first in the Almalinux or Rocky Linux 8 firewall.

sudo firewall-cmd --add-service={http,https} --permanent
sudo firewall-cmd --reload

Now, you will be able to access the Apache webserver test page or any active running website on it using https protocol but with a certificate warning.

 

Add your bought SSL certificate or Generate a self-signed certificate

Now, there are two scenarios, one is that you have bought an SSL certificate from some third party and you have the two files with extension-  .CRT and .Key.  If you already have the SSL certificate then add that in  /etc/httpd/conf.d/ssl.conf.

Whereas, the second scenario is you don’t have an SSL certificate and want to generate a self-signed one to use at least for local usage using OpenSSL.

Note: you can replace the server text in the below command with whatever you want to easily identify the keys.

sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/server.key -x509 -days 365 -out /etc/pki/tls/certs/server.crt

Once you have executed the above command you will have two SSL files:

SSLCertificateFile /etc/pki/tls/certs/server.crt
SSLCertificateKeyFile /etc/pki/tls/private/server.key

—————————————————————————————————-

Now, edit the SSL configuration file 

sudo nano /etc/httpd/conf.d/ssl.conf

and replace it with the following two file paths either with the SSL certificate you bought or generated by yourself using the above command.

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key

Here I am assuming that you want to use a self-generated certificate then

SSLCertificateFile /etc/pki/tls/certs/localhost.crt
#with 
SSLCertificateFile /etc/pki/tls/certs/server.crt

#And 

SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
#with 
SSLCertificateKeyFile /etc/pki/tls/private/server.key

Save the file by pressing Ctrl+O and hitting the Enter key to exit the file Ctrl+X.

Screenshot:

Add self generated SSL certificate for Apache web server

 

Restart your webserver:

sudo systemctl reload httpd

Now, you will be able to access the Web server running websites over HTTPS SSL protocol:

Mod_SSL HTTPS on Apache web server Rocky Linux

 

Redirect all http traffic to https

Those who want to redirect their all http (port80) traffic to https (443) by default can create the redirect configuration file:

sudo nano /etc/httpd/conf.d/redirect_http.conf

Copy-paste the following line and change the website Domain or URL

<VirtualHost _default_:80>
        Servername you-server
        Redirect permanent / https://yourserver.com/
</VirtualHost>

Save the file by pressing Ctrl+O and hitting the Enter key to exit the file Ctrl+X.

To make the changes into effect, reload the webserver:

sudo systemctl reload httpd

Now, all the http traffic will redirect to HTTPS by enabling mod_ssl on AlmaLinux or Rocky Linux 8; however, the thing to keep in mind the self-generated certificate will still get a certificate error. It is because the  Self-signed certificates aren’t trusted by browsers as it was generated by you, not by a CA (Certificate Authority, an entity that issues digital certificates.).

 

Other Articles:

How to Install CloudPanel Control Panel on Debian 10 Server
Install & configure Lighttpd web server on Ubuntu
How to connect AlmaLinux 8 via Windows RDP
Install Rocky Linux 8 on Amazon AWS EC2…

 

 

 

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.