Friday, 9 May 2014

How to install SSL Certificates with Apache 2 on Ubuntu

Step – 1 Create a Certificate Signing Request(CSR file)

A CSR is an encrypted body of text. Your CSR will contain encoded information specific to your company and domain name; this information is known as a Distinguished Name or DN.
In the DN for most servers are the following fields: Country, State (or Province), Locality (or City), Organization, Organizational Unit, and Common Name.

Please note:
1. The Country is a two-digit code — for the United States, it’s ‘US’. For countries outside of the United States.
2. State and Locality are full names, i.e. ‘California’, ‘Los Angeles’.
3. The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.
4. The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.
5. The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate.

If you are generating a CSR for a Wildcard Certificate your common name must start with *. (for example: * The wildcard character (*) will be able to assume any name that does not have a “dot” character in it.

To remain secure, certificates must use keys which are at least 2048 bits in length. If your server platform can’t generate a CSR with a 2048-bit key
first connect with server through terminal(Ctrl+Alt+T)
create a diractory name as 'SSL' in etc/apache2/

 mkdir /etc/apache2/ssl
 cd /etc/apache2/ssl
 openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Replace yourdomain with the domain name you’re securing. For example, if your domain name is, you would type and

This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.
Open the CSR file with a text editor and copy and paste it (including the BEGIN and END tags) into the form from where you purchase your SSL certificate.
Save (backup) the generated .key file as it will be required later for Certificate installation

Execute the following command to protect the key:
chmod 400 /etc/apache2/ssl/
Execute the following command to protect the signed certificate:
chmod 400 /etc/apache2/ssl/
Step – 2 Get the Certificate Authority Root Certificate

You need to go from wherever you purchase your SSL certificate and you need to submit the below generated CSR. And you can then download the certificate.
You will get two files. upload that two files in same folder where I’ve put my CSR and Private key i.e /etc/apache2/ssl/

Step – 3 Configure Apache to use the Signed SSL Certificate.

This configuration vary depend upon OS and version of that OS. So I’ve installed Ubuntu 12.04 and to configure the certificate you need to do below steps.
You need to configuration in Apache virtual hosting file(ubuntu 12.04).
So now you need to go: /etc/apache2/sites-available/default-ssl
Ubuntu 14.04
So now you need to go: /etc/apache2/sites-available/default-ssl.conf
<IfModule mod_ssl.c>
<VirtualHost _default_:443>
DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
SSLCertificateFile    /etc/apache2/ssl/
SSLCertificateKeyFile /etc/apache2/ssl/
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt
Basically you need to locate , and gd_bundle.crt.
Now last thing you need to do is restart you apache with the following command
/etc/init.d/apache2 restart
sudo service apache2 restart
You should now be able to visit your site with SSL enabled. Congratulations!!

No comments:

Post a Comment