English Spanish
Permissions
sudo chmod 0600 /etc/pki/tls/private/myhost.com.key
sudo chmod 0600 /etc/pki/tls/certs/myhost.com.crt
After installing the existing certificate, set up the certificate using <<mod_ssl configuration>>.
mod_ssl configuration
The default TLS/SSL configuration is contained in the file `/etc/httpd/conf.d/ssl.conf`. In the `ssl.conf` file, following are the directives that specify where the TLS/SSL certificate and key are located:
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
These directives are enclosed in a block defining a https://httpd.apache.org/docs/current/vhosts/[virtual host]:
<VirtualHost _default_:443>
...
SSLCertificateFile /etc/pki/tls/certs/localhost.crt
...
SSLCertificateKeyFile /etc/pki/tls/private/localhost.key
...
</VirtualHost>
To define a different location for these files, do the following:
Create a copy of the `/etc/httpd/conf.d/ssl.conf` file and renew the file to `z-ssl-local.conf`.
Edit the following lines in the `z-ssl-local.conf` file:
<VirtualHost _default_:443>
SSLCertificateFile /etc/pki/tls/certs/www.myhost.org.crt
SSLCertificateKeyFile /etc/pki/tls/private/www.myhost.org.key
</VirtualHost>
This file will override the two settings for the `pass:[_default_]:443` virtual host; all other settings from `ssl.conf` will be retained.
Settings for individual virtual hosts
To use SSL/TLS for a specific virtual host with a different certificate as default, do the following:
Open that virtual host's configuration file `/etc/httpd/conf.d/hostname.conf`.
Insert these lines between `<VirtualHost hostname:port>` and `</VirtualHost>`:
SSLEngine on
SSLCertificateFile /etc/pki/tls/certs/hostname.crt
SSLCertificateKeyFile /etc/pki/tls/private/hostname.key