On your intended webserver, install mod_ssl via yum or whatever your package manager is.
# Change to the /tls/ directory
$ cd /etc/pki/tls/
# Create a new encrypted private key
$ openssl genrsa -aes128 -out private/httpdkey.pem
# Input a password you'll remember as prompted
# Generate a self-signed certificate using the encrypted private key you just made
$ openssl req -new -x509 -key private/httpdkey.pem -out certs/httpdcert.pem -days 365
# Input passphrases as previously prompted
Here you would input some information about your site's certificate. This will include:
- Country Name: Likely US
- State or Province Name: Likely Virginia
- Locality Name: Likely Arlington
- Organization Name: Likely In-Q-Tel
- Common Name: Site's DNS or Alias, such as iqt.example.com
- Email Address: Your webmaster e-mail address webmaster@iqt.org
In this example we're configuring an Apache virtual host:
# Edit /etc/httpd/conf.d/ssl.conf
# In the SSL Virtual Host Context section, add
ServerName <your_common_name>:443
# Find the following directives and point them at the files created above
SSLCertificateFile /etc/pki/tls/certs/httpdcert.pem
...
SSLCertificateKeyFile /etc/pki/tls/private/httpdkey.pem
Restart the httpd engine with systemctl restart httpd and enter your SSL passphrase
Open port 443 on the OS firewall
$ firewall-cmd --add-service=https --permanent
# Reload the firewall
$ firewall-cmd --reload
From another machine on the local network, you can now connect over SSL using the Common Name you assigned (for public addresses, DNS must resolve that name to the public IP), or you can connect to the assigned local/public IP directly to validate SSL:
$ openssl s_client -connect iqt.example.org:443
# Again, you can use the IPv4 private/public IP in place of the CN and get the same result!
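Checks worth running on the key and certificate before restarting httpd, as an added example (not part of the original steps): it confirms the certificate was issued for the key httpd will load, that it has not expired, and which Common Name it carries for comparison with ServerName. It assumes the passphrase is supplied in a KEYPASS environment variable so openssl does not prompt; the function names, passphrase and hostnames are constructed for the demonstration, which works on a throwaway pair in a temporary directory.

```shell
#!/bin/sh
# Added example: checks to run on the key/certificate pair before restarting httpd.
# KEYPASS (an assumption of this example) holds the key passphrase so openssl
# does not prompt; the hostnames and passphrase below are constructed samples.

# Succeeds only if the certificate's public key is the one derived from the key.
pair_matches() {    # usage: pair_matches CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -passin env:KEYPASS -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds if the certificate is still valid DAYS days from now.
valid_for_days() {  # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Prints the Common Name, which should equal the host part of ServerName in ssl.conf.
cert_cn() {         # usage: cert_cn CERT
    openssl x509 -in "$1" -noout -subject -nameopt multiline |
        sed -n 's/^ *commonName *= *//p'
}

# Builds a throwaway pair the same way the steps above do (constructed sample data).
make_sample() {     # usage: make_sample DIR CN
    openssl genrsa -aes128 -passout env:KEYPASS -out "$1/httpdkey.pem" 2048 2>/dev/null &&
    openssl req -new -x509 -key "$1/httpdkey.pem" -passin env:KEYPASS \
        -out "$1/httpdcert.pem" -days 365 -subj "/C=US/CN=$2" 2>/dev/null
}

export KEYPASS='constructed-sample-passphrase'
tmp=$(mktemp -d) && mkdir "$tmp/a" "$tmp/b"
make_sample "$tmp/a" iqt.example.com      # the pair httpd would be given
make_sample "$tmp/b" other.example.com    # an unrelated pair, for the mismatch case

pair_matches "$tmp/a/httpdcert.pem" "$tmp/a/httpdkey.pem" && echo "pair a: key matches cert"
pair_matches "$tmp/a/httpdcert.pem" "$tmp/b/httpdkey.pem" || echo "a cert + b key: mismatch"
valid_for_days "$tmp/a/httpdcert.pem" 30  && echo "valid for 30 more days"
valid_for_days "$tmp/a/httpdcert.pem" 400 || echo "expires within 400 days"
echo "CN: $(cert_cn "$tmp/a/httpdcert.pem")"
rm -rf "$tmp"
```

Against the real files, call the same functions with /etc/pki/tls/certs/httpdcert.pem and /etc/pki/tls/private/httpdkey.pem.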