CentOS 7 / SSL & selinux Notes

Installing an SSL certificate can be easy or hard depending on how familiar you are with the process. Here are some notes about installing an SSL certificate on Linux / CentOS 7 with SELinux.

  1. Get your certificate files from your provider / authority and place them somewhere on the server.
  2. Directory and key files should be owned by root:root.
  3. Directory permissions should be 700 and key file permissions should be 600.
  4. CentOS 7 does not come with SSL by default, so run: yum install mod_ssl openssl
  5. Edit /etc/httpd/conf.d/ssl.conf and add the SSL file locations. You can leave SSLCertificateChainFile commented out (unless your apache is really old), as it is being deprecated.
  6. selinux is where I had the most trouble, but I found a way to make my files “like” the respective files that were already on the server. Do a quick man chcon and look at the --reference option to get a better understanding of this.
    1. chcon --reference=/etc/pki/tls/certs/ca-bundle.crt /your-ca-bundle-file-location
    2. chcon --reference=/etc/pki/tls/certs/ca-bundle.trust.crt /your-crt-file-location.crt
    3. chcon --reference=/etc/pki/tls/private/localhost.key /your-private-key-file-location
  7. Restart apache: systemctl reload httpd
  8. Double-check that it started: systemctl status httpd
  9. Test your site with https://yourdomain.com
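
A way to check steps 2, 3 and 6 before reloading Apache, as an added example that is not part of the original notes: it verifies owner and mode, and compares the SELinux type of each file with the same reference files used in the chcon commands. The function names and the directory argument are assumptions, and only the type field of the context is compared.

```bash
#!/usr/bin/env bash
# Added example, not from the original notes. Paths passed in are the caller's.

# check_file PATH OWNER:GROUP MODE -> 0 if owner and octal mode both match
check_file() {
    local path="$1" want="$2 $3" got
    got=$(stat -c '%U:%G %a' -- "$path") || return 1
    if [ "$got" != "$want" ]; then
        echo "FAIL $path: is '$got', want '$want'" >&2
        return 1
    fi
}

# selinux_type PATH -> prints the type field of the context (user:role:type:level)
selinux_type() {
    stat -c '%C' -- "$1" 2>/dev/null | cut -d: -f3
}

# check_context PATH REFERENCE -> 0 if types match, 1 if not, 2 if SELinux is off
check_context() {
    command -v selinuxenabled >/dev/null 2>&1 && selinuxenabled || return 2
    local got want
    got=$(selinux_type "$1")
    want=$(selinux_type "$2")
    if [ -z "$want" ] || [ "$got" != "$want" ]; then
        echo "FAIL $1: type '$got', reference $2 has '$want'" >&2
        return 1
    fi
}

# audit_tls DIR KEY CERT [OWNER:GROUP] -> exit status is the number of failures
audit_tls() {
    local dir="$1" key="$2" crt="$3" owner="${4:-root:root}" fails=0 rc
    check_file "$dir" "$owner" 700 || fails=$((fails + 1))
    check_file "$key" "$owner" 600 || fails=$((fails + 1))
    rc=0; check_context "$key" /etc/pki/tls/private/localhost.key || rc=$?
    if [ "$rc" -eq 1 ]; then fails=$((fails + 1)); fi
    rc=0; check_context "$crt" /etc/pki/tls/certs/ca-bundle.trust.crt || rc=$?
    if [ "$rc" -eq 1 ]; then fails=$((fails + 1)); fi
    return "$fails"
}

# Usage (as root): audit_tls /your-key-directory /your-private-key-file-location /your-crt-file-location.crt
```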