A Secure Sockets Layer certificate (SSL certificate) is a small data file that digitally binds a cryptographic key to an organization's details. When installed on a web server, it activates the padlock and the HTTPS protocol and allows secure connections from a web server to a browser.
The easiest way to secure your website is by using an SSL certificate and HTTPS. SSL installation involves three general steps, which are as below:
- Generating a Certificate Signing Request (CSR)
- Purchase of SSL certificate from an SSL vendor
- Installation of SSL certificate in the server
See the instructions for generating CSR and processing SSL installation below.
Generate CSR file for CentOS, Debian and Ubuntu
To generate the CSR file and Private Key for the certificate, use the following command.
# openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr
Note: Please replace mywebsite with your real domain name.
Now submit the required information about your company to the CA. Fill in the fields as shown below.
- Common name: Your fully qualified domain/website name.
- Organization: Your company's legally registered name.
- An optional company name: This is another optional attribute. You can add your brand name or leave the field blank.
- Email Address: A valid email address.
- A challenge password: This is an optional attribute. If you decide to create a password, write it down or make sure to remember it.
- Organizational unit: The name of your department within the organization.
- City/locality: The city where your company is located.
- State/province: The state/province where your company is located.
- Country Name: Enter the two-letter country code where your organization is officially registered.
After entering the above details, the CSR and private key files are ready. You can find them in the working directory via the ls command.
The generated CSR can then be used to order the SSL certificate from any third-party SSL provider.
Install SSL Certificate
Once the SSL provider has issued the certificate, install and configure it on the server where the CSR was generated. Copy the downloaded SSL certificate that you received from the SSL provider to a location on your server. Make sure the file is readable by root only. For example, let the certificate files and private key be copied to the location /etc/ssl/sslfiles on the server.
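Before editing the Apache configuration, it is worth confirming that the issued certificate really belongs to the private key and CSR generated earlier, and that the key is owner-only. The script below is an added example, not part of the original tutorial: the function names, the temporary directory and the sample files are constructed, and a self-signed certificate stands in for the one your SSL provider issues.

```bash
#!/bin/sh
# Added example. File names and the temp directory are constructed placeholders.

# Print the SHA-256 of the public key held in a private key, CSR or certificate.
pubkey_fp() {  # usage: pubkey_fp key|csr|crt FILE
  case "$1" in
    key) pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
    csr) pub=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) ;;
    crt) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
    *)   return 2 ;;
  esac
  [ -n "$pub" ] || return 1   # unreadable or malformed input must never "match"
  printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only when key, CSR and certificate all carry the same public key.
pair_matches() {  # usage: pair_matches KEY CSR CRT
  k=$(pubkey_fp key "$1") || return 1
  r=$(pubkey_fp csr "$2") || return 1
  c=$(pubkey_fp crt "$3") || return 1
  [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Make the private key owner-only and print the resulting mode (GNU stat).
lock_down() {  # usage: lock_down KEY
  chmod 600 "$1" && stat -c '%a' "$1"
}

# Constructed sample data: key + CSR from the page's command (made
# non-interactive with -subj), a self-signed certificate standing in for
# the CA-issued one, and an unrelated second key.
make_sample() {  # usage: make_sample DIR
  openssl req -new -newkey rsa:2048 -nodes -subj "/CN=www.yourdomain.com" \
    -keyout "$1/yourdomain.key" -out "$1/yourdomain.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/yourdomain.csr" -signkey "$1/yourdomain.key" \
    -days 1 -out "$1/yourdomain.crt" 2>/dev/null &&
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/other.key" 2>/dev/null
}

WORK=$(mktemp -d) && trap 'rm -rf "$WORK"' EXIT
make_sample "$WORK"
pair_matches "$WORK/yourdomain.key" "$WORK/yourdomain.csr" "$WORK/yourdomain.crt" \
  && echo "OK: key, CSR and certificate belong together"
pair_matches "$WORK/other.key" "$WORK/yourdomain.csr" "$WORK/yourdomain.crt" \
  || echo "MISMATCH: other.key is not the key for this certificate"
echo "private key mode: $(lock_down "$WORK/yourdomain.key")"
```

On a real server, run pair_matches against the files in /etc/ssl/sslfiles as root; a mismatch here is the usual reason Apache refuses to start after the certificate is installed.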
CentOS & Fedora
Edit the virtual host entries in the /etc/httpd/conf.d/ssl.conf file to include the certificate file, key file and CA bundle that should be used by each domain. Replace each mention of yourdomain.com with your domain.
# sudo vi /etc/httpd/conf.d/ssl.conf
<VirtualHost *:443>
ServerName www.yourdomain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /etc/ssl/sslfiles/yourdomain.crt
SSLCertificateKeyFile /etc/ssl/sslfiles/yourdomain.key
SSLCertificateChainFile /etc/ssl/sslfiles/root-certificate.crt
</VirtualHost>
Adjust it to your own SSL certificate details and save the configuration file.
- SSLCertificateFile: Provide the location (on your server) of your SSL certificate.
- SSLCertificateKeyFile: Specify the location (on your server) of the private key file (you created the private key file along with the CSR code).
- SSLCertificateChainFile: Enter the location (on your server) of your intermediate certificate.
Scan for errors.
# apachectl configtest
If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.
Finally, restart the Apache services.
# systemctl stop httpd
# systemctl start httpd
Debian & Ubuntu
Locate and edit the Apache configuration file. It usually resides in the /etc/apache2/sites-enabled/your_site_name directory. If it's not there, enable the site with the following command.
# sudo a2ensite your_site_name
Open the Apache configuration file in a text editor.
Note: To make the site reachable through both HTTP and HTTPS, you need to create two separate files in the sites-enabled directory. The HTTP file will use port 80 to establish the connection, while the HTTPS one will perform the same action via port 443.
In the configuration file, find the Virtual Host block. Then edit it to make the website available only via HTTPS. By default, the Virtual Host block looks like this:
<VirtualHost *:443>
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.crt
</VirtualHost>
Adjust it to your own SSL certificate details and save the configuration file.
- SSLCertificateFile: Provide the location (on your server) of your SSL certificate.
- SSLCertificateKeyFile: Specify the location (on your server) of the private key file (you created the private key file along with the CSR code).
- SSLCertificateChainFile: Enter the location (on your server) of your intermediate certificate.
Scan for errors.
# apachectl configtest
If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.
Finally, restart the Apache services.
# apachectl stop
# apachectl start
Testing the SSL Certificate Installation
For best results, make sure to close your web browser first and then re-launch it.
Visit your site with the secure HTTPS URL (i.e., go to https://www.example.com, not http://www.example.com).