Hardening Apache SSL/TLS on RHEL 7/CentOS 7

Okay, I did say that we'd look at doing this on a CentOS 7 machine. But I'll make it brief.

You'll install Apache and mod_ssl on CentOS 7 the same way that you did on CentOS 8, except that you'll use the yum command instead of the dnf command. As with CentOS 8, you'll need to enable and start Apache with systemctl, but you won't need to enable the ssl site or the ssl module. And, of course, make sure that port 443 is open on the firewall.

When you do an sslscan of a CentOS 7 machine, you'll see a very long list of supported algorithms, from TLSv1 through TLSv1.2. Even with TLSv1.2, you'll see a few really bad things, like this:

Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA

The DES and SHA in these lines indicate that we're supporting use of the antiquated Data Encryption Standard (DES) and version 1 of the Secure Hash Algorithm (SHA). That is not good. Get rid of them by editing the /etc/httpd/conf.d/ssl.conf file. Look for these two lines:

SSLProtocol all -SSLv2 -SSLv3
SSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA

Change them to this:

SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1
SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA:!SHA

Reload Apache with this command:

sudo systemctl reload httpd

Scan the machine again, and you'll see a lot fewer supported algorithms. (And by the way, one advantage of the new TLSv1.3 is that it completely gets rid of these legacy algorithms.)
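As an added example (not from the book), here is a small Python triage script that parses sslscan "Accepted" lines like the ones above, flags DES/3DES, SHA-1 and legacy protocols, and checks whether the two ssl.conf directives carry the exclusions just described. The scan excerpt and the two config fragments are constructed for the example.

```python
import re

# Constructed sslscan excerpt modelled on the lines quoted above (not a real capture).
SAMPLE_SCAN = """\
Accepted  TLSv1.2  256 bits  ECDHE-RSA-AES256-GCM-SHA384   Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  ECDHE-RSA-DES-CBC3-SHA        Curve P-256 DHE 256
Accepted  TLSv1.2  112 bits  EDH-RSA-DES-CBC3-SHA          DHE 2048 bits
Accepted  TLSv1.2  112 bits  DES-CBC3-SHA
Accepted  TLSv1.0  128 bits  ECDHE-RSA-AES128-SHA          Curve P-256 DHE 256
"""

# Constructed ssl.conf fragments: the CentOS 7 defaults and the hardened version.
DEFAULT_CONF = "SSLProtocol all -SSLv2 -SSLv3\nSSLCipherSuite HIGH:3DES:!aNULL:!MD5:!SEED:!IDEA\n"
HARDENED_CONF = ("SSLProtocol all -SSLv2 -SSLv3 -TLSv1 -TLSv1.1\n"
                 "SSLCipherSuite HIGH:!3DES:!aNULL:!MD5:!SEED:!IDEA:!SHA\n")

SCAN_LINE = re.compile(r"^(?:Accepted|Preferred)\s+(\S+)\s+(\d+) bits\s+(\S+)")
LEGACY_PROTOCOLS = {"SSLv2", "SSLv3", "TLSv1", "TLSv1.0", "TLSv1.1"}

def cipher_problems(proto, bits, name):
    """Return the reasons a scan line is unacceptable (empty list if it is fine)."""
    parts, problems = name.split("-"), []
    if proto in LEGACY_PROTOCOLS:
        problems.append(f"legacy protocol {proto}")
    if "DES" in parts:          # DES-CBC3 is 3DES; single DES matches too
        problems.append("DES/3DES cipher")
    if parts[-1] == "SHA":      # OpenSSL suite names end in -SHA for a SHA-1 MAC
        problems.append("SHA-1 MAC")
    if bits < 128:
        problems.append(f"only {bits}-bit strength")
    return problems

def find_weak_ciphers(scan_output):
    """Map each flagged cipher suite name to its list of problems."""
    flagged = {}
    for line in scan_output.splitlines():
        m = SCAN_LINE.match(line)
        if m:
            problems = cipher_problems(m.group(1), int(m.group(2)), m.group(3))
            if problems:
                flagged[m.group(3)] = problems
    return flagged

def config_is_hardened(conf_text):
    """True if ssl.conf disables TLSv1/TLSv1.1 and excludes 3DES and SHA-1 suites."""
    directives = dict(line.split(None, 1) for line in conf_text.splitlines() if " " in line)
    protocol = directives.get("SSLProtocol", "").split()
    suites = directives.get("SSLCipherSuite", "").split(":")
    return ("-TLSv1" in protocol and "-TLSv1.1" in protocol
            and "!3DES" in suites and "!SHA" in suites)
```

Run it against a real `sslscan` capture by reading the file into `find_weak_ciphers`; an empty result together with `config_is_hardened` returning True means the edit above took effect.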

Next, let's look at how users can identify themselves to a server.
