1. Generate CSR openssl req -nodes -newkey rsa:2048 -keyout www.domain.key -out www.domain.csr
Country Name (2 letter code) [AU]: US State or Province Name (full name) [Some-State]: State Locality Name (eg, city) []: City Organization Name (eg, company) [Internet Widgits Pty Ltd]: Company Name Organizational Unit Name (eg, section) []: Webhosting Common Name (eg, YOUR name) []: www.domain.com Email Address []:webmaster@domain.com
A challenge password []:
An optional company name []:
2. Install mod_ssl
yum install mod_ssl
3. Create ssl directory
mkdir /var/www/domain.data/ssl
4. ftp files to server into ssl directory
5. cat AddTrustExternalCARoot.crt COMODORSAAddTrustCA.crt COMODORSADomainValidationSecureServerCA.crt >ca-bundle.crt
6. Edit httpd.conf
<VirtualHost x.x.x.x:443>
ServerAdmin webmaster@domain.com
DocumentRoot /var/www/domain.data/html
ServerName www.domain.com
ServerAlias domain.com
ErrorLog logs/domain-error_log
CustomLog logs/domain-access_log combined
SSLProtocol All -SSLv2 -SSLv3
SSLCipherSuite ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-DSS-AES128-GCM-SHA256:kEDH+AESGCM:ECDHE-RSA-AES128-SHA256:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES128-SHA:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA:ECDHE-ECDSA-AES256-SHA:DHE-RSA-AES128-SHA256:DHE-RSA-AES128-SHA:DHE-DSS-AES128-SHA256:DHE-RSA-AES256-SHA256:DHE-DSS-AES256-SHA:DHE-RSA-AES256-SHA:AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-SHA256:AES256-SHA256:AES128-SHA:AES256-SHA:AES:CAMELLIA:DES-CBC3-SHA:!aNULL:!eNULL:!EXPORT:!DES:!RC4:!MD5:!PSK:!aECDH:!EDH-DSS-DES-CBC3-SHA:!EDH-RSA-DES-CBC3-SHA:!KRB5-DES-CBC3-SHA:!EDH
SSLHonorCipherOrder on
SSLEngine on
SSLCertificateFile /var/www/domain.data/ssl/www_domain_com.crt
SSLCertificateKeyFile /var/www/domain.data/ssl/www.domain.com.key
SSLCACertificateFile /var/www/domain.data/ssl/ca-bundle.crt
7. Restart httpd
service httpd restart