How to Install an SSL Certificate on Ubuntu Server


Step 1: Use the SSH command to log into your server

Step 2: Create the private key and CSR files

At the prompt enter the following command:

openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr

Don’t forget to replace mydomain with your actual domain name. For example, if your domain name is example.com, you must type example.key and example.csr.

Step 3: Fill in your details

Provide up-to-date details about your company to the Certificate Authority. Follow the examples below:

  • Country Name – enter the two-letter code of the country where your business is legally registered, e.g., “US”.
  • State or Province – submit the full name of the state or province where your company is registered.
  • City or Locality – submit the full name of the city where your organization is registered.
  • Organization Name – For Business Validation and Extended Validation certificates, enter your organization’s legal name (e.g. GPI Holding LLC). For Domain Validation certificates, type your full name.
  • Organizational Unit Name – Usually it’s the department responsible for SSL management. For example, “IT” or “Web Administration”
  • Common Name – enter the FQDN (fully qualified domain name) you want to secure, for example, ssldragon.com.
    Note: If you’ve bought a wildcard certificate, add an asterisk in front of your domain name, but don’t include https or any other characters; for example, *.ssldragon.com
  • Email Address – enter a valid email address.
  • A challenge password – this extra attribute is optional. You may create a password to secure your SSL certificate further. Make sure you remember it.
  • An optional company name – this field is self-explanatory. You may add an optional name for your company.

Congratulations! You’ve successfully created the Certificate Signing Request and private key on Ubuntu.

The newly generated files are mydomain.csr and mydomain.key. You can use the ls command to find them in your working directory.

Open the CSR file in a text editor such as Notepad, copy its contents, and submit them to the Certificate Authority during your order process.

Step 1: Copy your certificate files to your server

Once you’ve completed the validation process, the Certificate Authority will send the SSL certificate files via email. Download the archived folder, and extract the server and intermediate certificates or CA Bundle. Upload them to the Ubuntu server in a specific directory.

You should have the following files ready for upload:

  • certificate.crt
  • ca_bundle.crt
  • private.key

Copy your certificate files to a directory on your server. By default, this directory is /etc/ssl/ for your certificate.crt and ca_bundle.crt files, and /etc/ssl/private/ for your private.key file.

Step 2: Edit the Apache.config file

Its usual location is in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:

sudo a2ensite your_site_name

Open the Apache.config file with a text editor of your choice.

Note: To make your site reachable via both HTTP and HTTPS, keep two separate files in the sites-enabled folder: the HTTP file for port 80 and the HTTPS file for port 443.

Step 3: Configure the Virtual Host block

This action will make your site accessible only via the secure HTTPS protocol. Your default Virtual Host block contains the following lines of code:

<VirtualHost *:443>
    DocumentRoot /var/www/site
    ServerName www.yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/yourdomain.crt
    SSLCertificateKeyFile /path/to/yourdomain.key
    SSLCertificateChainFile /path/to/yourdomain.crt
</VirtualHost>

Adjust the Virtual Host block according to your SSL certificate details:

  • In the SSLCertificateFile parameter, update the location of your SSL certificate file.
  • In the SSLCertificateKeyFile parameter, enter the location of the private key file you created during the CSR generation.
  • In the SSLCertificateChainFile parameter, provide the location of the intermediate certificate file or CA bundle.

Note: If the SSLCertificateFile directive doesn’t work, use the SSLCACertificateFile instead.

Double-check the Virtual Host block, and save the .config file.

Step 4: Test your new .config file

Run the apachectl configtest command to test your new .config file for potential errors. If something is wrong with your configuration, you may need to go back and repeat the previous installation steps. If it works correctly, continue with the final step.

Step 5: Restart Apache

Use the apachectl stop and apachectl start commands to restart Apache.
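
Before the restart in Step 5, the certificate and key referenced in the Virtual Host block can be checked against each other, since a key that does not belong to the certificate is a common reason Apache refuses to start. The script below is an added example, not part of the original guide; its function names are hypothetical, and it assumes the openssl command-line tool used in Step 2 and a strict policy that only the file owner may access the private key.

```shell
#!/bin/sh
# Added example (not from the original guide): pre-flight check for the files
# named in the Virtual Host block. Function names are hypothetical.
# Usage: sh check_tls_files.sh /etc/ssl/certificate.crt /etc/ssl/private/private.key

# Succeeds only if the certificate and the private key hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if group and others have no permission bits on the key file.
key_is_private() {
    perms=$(ls -ld "$1" | cut -c5-10)
    [ "$perms" = "------" ]
}

# Succeeds only if the certificate has not passed its expiry date.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Runs all three checks, reports each failure, returns non-zero if any failed.
check_tls_files() {
    cert=$1
    key=$2
    status=0
    key_matches_cert "$cert" "$key" ||
        { echo "FAIL: $key does not match $cert (or a file is unreadable)"; status=1; }
    key_is_private "$key" ||
        { echo "FAIL: $key is accessible to group or others; chmod 600 it"; status=1; }
    cert_not_expired "$cert" ||
        { echo "FAIL: $cert has expired"; status=1; }
    [ "$status" -eq 0 ] && echo "OK: certificate and key are consistent"
    return "$status"
}

# Run the checks only when both paths are given on the command line.
if [ "$#" -ge 2 ]; then
    check_tls_files "$1" "$2"
fi
```

Run it with sudo when the key sits in /etc/ssl/private/, because an unreadable key is reported as a failed match.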
