Strong cryptography comes to the Apache HTTP Server via the mod_ssl module with Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. Enabling SSL on your Apache web server enhances security by encrypting the data between the server and clients.
There are several methods to install mod_ssl on RHEL/CentOS 7 with Apache web server which are as follows:
Installing mod_ssl via YUM Package Manager
Step 1: Update System Packages
First, you need to ensure your system packages are up to date. Run the following command in a terminal:
sudo yum update -yStep 2: Installing Apache HTTP Server
In the case where Apache is not yet installed, it can easily be installed with the following command:
sudo yum install httpd -yStep 3: Install the mod_ssl
The installation can be made with the command:
sudo yum install mod_ssl -y
apachectl -M | grep ssl
Step 4: Start and Enable Apache
Start Apache Web Server and enable it to start on boot.
sudo systemctl start httpd
sudo systemctl enable httpd
Step 5: Firewall Configuration
Can pass HTTPS traffic by the firewall:
sudo firewall-cmd --permanent --add-service=https
sudo firewall-cmd --reload
Step 6: Generating SSL Certificates
You can create a self-signed SSL certificate with the 'openssl' command:
sudo openssl req -newkey rsa:2048 -nodes -keyout /etc/pki/tls/private/httpd-selfsigned.key -x509 -days 365 -out /etc/pki/tls/certs/httpd-selfsigned.crtFill in any information you are asked for.
Step 7: Apache Setup with SSL
Now modify the SSL configuration file at '/etc/httpd/conf.d/ssl.conf':
sudo vi /etc/httpd/conf.d/ssl.confPlease update the below lines with your certificate paths:
SSLCertificateFile /etc/pki/tls/certs/httpd-selfsigned.crt
SSLCertificateKeyFile /etc/pki/tls/private/httpd-selfsigned.key
Step 8: Rebooting Apache
Restart Apache service to effect the changes:
sudo systemctl restart httpdManual Installation from Source
This is the process where one downloads the source code and then compiles it manually. This method comes in where there is a need for a specially customized version of mod_ssl.
Step 1: Installation of Required Packages
Install the packages for building mod_ssl:
sudo yum groupinstall 'Development Tools' -y
sudo yum install openssl openssl-devel -y
Step 2: Download Source Code of Apache HTTPD and mod_ssl
Download the Apache HTTP Server and mod_ssl source code from appropriate websites:
wget https://downloads.apache.org/httpd/httpd-2.4.46.tar.gz
wget https://release-assets.githubusercontent.com/github-production-release-asset/7634677/505bd388-6ce2-42ca-8090-10807dccd4b7?sp=r&sv=2018-11-09&sr=b&spr=https&se=2025-07-23T13%3A03%3A38Z&rscd=attachment%3B+filename%3Dopenssl-1.1.1k.tar.gz&rsct=application%2Foctet-stream&skoid=96c2d410-5711-43a1-aedd-ab1947aa7ab0&sktid=398a6654-997b-47e9-b12b-9515b896b4de&skt=2025-07-23T12%3A03%3A04Z&ske=2025-07-23T13%3A03%3A38Z&sks=b&skv=2018-11-09&sig=6hZKZNOexkn%2BAqm0pMQ3k5y%2BiaUSiuyT0OrQO9qUaCk%3D&jwt=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJnaXRodWIuY29tIiwiYXVkIjoicmVsZWFzZS1hc3NldHMuZ2l0aHVidXNlcmNvbnRlbnQuY29tIiwia2V5Ijoia2V5MSIsImV4cCI6MTc1MzI3MzUwMSwibmJmIjoxNzUzMjczMjAxLCJwYXRoIjoicmVsZWFzZWFzc2V0cHJvZHVjdGlvbi5ibG9iLmNvcmUud2luZG93cy5uZXQifQ.Qmvisb4hlyhDp8s4sUa-7LGWExB6dksG2Z3fM1DYZ1g&response-content-disposition=attachment%3B%20filename%3Dopenssl-1.1.1k.tar.gz&response-content-type=application%2Foctet-stream
Step 3: Extract Source Files
Extract the downloaded tar files:
tar -xzf httpd-2.4.46.tar.gz
tar -xzf openssl-1.1.1k.tar.gz
Step 4: Build and install OpenSSL
Enter the OpenSSL directory and build it:
cd openssl-1.1.1k
./config
make
sudo make install
Step 5: Build and Install Apache with mod_ssl
Navigate to the Apache directory and configure it with SSL support:
cd ../httpd-2.4.46
./configure --enable-ssl --with-ssl=/usr/local/ssl --enable-so
make
sudo make install
Step 6: Start Apache
Start Apache web server:
sudo /usr/local/apache2/bin/apachectl startStep 7: Let Apache Use SSL
Edit the file httpd-ssl.conf located in the conf/extra directory:
sudo vi /usr/local/apache2/conf/extra/httpd-ssl.confUpdate the following lines with your certificate paths:
SSLCertificateFile /usr/local/apache2/conf/server.crt
SSLCertificateKeyFile /usr/local/apache2/conf/server.key
Step 8: Restart Apache
Restart Apache to apply changes:
sudo /usr/local/apache2/bin/apachectl restartConclusion
Adding mod_ssl to RHEL/CentOS 7 allows you to implement and configure the SSL module within Apache, thereby enhancing security with the power to permit encrypted communication.
