How do I add and configure a CA issued SSL/TLS certificate on Rocky Linux?

Hi,

I’ve been searching the resources and the forum but I couldn’t find any info about how to install a CA issued SSL/TLS certificate (e.g., from DigiCert or Comodo) on Rocky Linux. There’s only information about free SSL certificates. Can anyone help? Thanks!

Hi @Kiuk, I’m assuming you are talking about where to install the certificates once you have obtained them? For that question it depends on the application you are applying the certificates to. Is this for a website, email server, something else?

Hi @sspencerwire that’s correct. I want to apply the certificate to the web server hosting my organization’s website.

This won’t give you everything you need, as it is based on a philosophy of server setup that uses a single server with at least the possibility of multiple websites: Apache Multiple Site - Documentation

You should be able to scp your certfificate bundle to a non-public location on your server, and then extract the bundle and move the certificate files where they can be read by your web server. That means that the files and directories need permissions for whatever user and group your web server runs as (apache.apache) is assumed in the document I just sent. It also assumes an Apache (httpd) web server, so if you are using Nginx, or something else, let me know.

@sspencerwire Thanks! In fact yes, we are using Nginx. Sorry for not specifying it before. I’ve saved the link for Apache anyway as I’m sure it’ll may come handy sooner or later. Thanks again!

Hi again @Kiuk The person who wrote the Nginx documentation didn’t spend any time on certificates that were not Cerbot (Let’s Encrypt). That said, you should be able to use this as a guide and place your certificates in a logical location for your server. Remember that the permissions of the folder where the certificate files are located needs the web server’s user and group permissions. this external document may be of more help in the overall setup. Hope this helps you!

@sspencerwire Thanks. Got it. Yeah, I noticed that all documentation available in the internet is always related to Certbot. :-/ Anyway, thank you for the resources. I will definitely give it a try . Thanks!