SSL Certificates with Apache web server on Linux Cloud Servers

2019-10-15 By Tan

An SSL (Secure Sockets Layer) certificate is a small data file that digitally binds a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the HTTPS protocol and allows secure connections between the web server and a browser.

The easiest way to secure your website is by using an SSL certificate and HTTPS. SSL installation involves three general steps:

  • Generating a Certificate Signing Request (CSR)
  • Purchasing an SSL certificate from an SSL vendor
  • Installing the SSL certificate on the server


See the instructions below for generating the CSR and installing the SSL certificate.

Generate CSR file for CentOS, Debian and Ubuntu


  1. To generate the CSR file and Private Key for the certificate, use the following command.

    # openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr
    

Note: Please replace mywebsite with your real domain name.

  2. Now provide the required information about your company for the CA. Fill in the fields as shown below.
  • Common name: Your fully qualified domain/website name.
  • Organization: Your company’s legally registered name.
  • An optional company name: This is another optional attribute. You can add your brand name or leave the field blank.
  • Email Address: A valid email address.
  • A challenge password: This is an optional attribute. If you decide to create a password, write it down or make sure to remember it.
  • Organizational unit: The name of your department within the organization.
  • City/locality: The city where your company is located.
  • State/province: The state/province where your company is located.
  • Country Name: Enter the two-letter code of the country where your organization is officially registered.
  3. After you enter the above details, the CSR and private key files are ready. You can find them in the working directory with the ls command.

  4. The generated CSR can then be used to order the SSL certificate from any third-party SSL provider.
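The CSR steps above can also be scripted and the result reviewed before it is sent to the SSL provider. This is an added example, not part of the original article: the subject values are constructed placeholders and the function names (make_csr, csr_common_name, csr_key_bits, csr_signature_ok) are illustrative.

```shell
#!/bin/sh
# Added example: the openssl req call from step 1 with the prompts answered
# by -subj, followed by a review of what the CA will receive.

# make_csr DOMAIN OUTDIR: write DOMAIN.key and DOMAIN.csr into OUTDIR.
make_csr() {
    domain=$1 outdir=$2
    (
        umask 077    # files are created readable by their owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$outdir/$domain.key" -out "$outdir/$domain.csr" \
            -subj "/C=US/ST=Example State/L=Example City/O=Example Ltd/OU=IT/CN=$domain" \
            2>/dev/null
    )
}

# csr_common_name CSR: print the Common Name stored in the request.
csr_common_name() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -n 's/.*CN=\([^,]*\).*/\1/p'
}

# csr_key_bits CSR: print the size of the public key in the request.
csr_key_bits() {
    openssl req -in "$1" -noout -text 2>/dev/null |
        sed -n 's/.*Public-Key: (\([0-9]*\) bit).*/\1/p'
}

# csr_signature_ok CSR: true when the request's self-signature verifies.
# The message is checked because older openssl builds exit 0 on failure.
csr_signature_ok() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# Demo in a throwaway directory with a constructed domain name.
work=$(mktemp -d)
make_csr www.yourdomain.com "$work" &&
    csr_signature_ok "$work/www.yourdomain.com.csr" &&
    echo "CN=$(csr_common_name "$work/www.yourdomain.com.csr")" \
         "bits=$(csr_key_bits "$work/www.yourdomain.com.csr")"
rm -rf "$work"
```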

Install SSL Certificate


Once the SSL provider has issued the certificate, you need to install and configure it on the server where the CSR was generated. Copy the SSL certificate that you received from the SSL provider to a location on your server. Make sure the file is readable by root only. For example, copy the certificate files and private key to /etc/ssl/sslfiles on the server.
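Before pointing Apache at the copied files, it helps to confirm that the issued certificate belongs to the private key created with the CSR, that it has not expired, and that the key is not readable by group or others. This is an added example, not part of the original article: the function names are illustrative and the certificate pairs are constructed self-signed samples standing in for the files in /etc/ssl/sslfiles.

```shell
#!/bin/sh
# Added example: pre-flight checks for the files that SSLCertificateFile
# and SSLCertificateKeyFile will point to.

# cert_matches_key CERT KEY: true when CERT carries the public half of KEY.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_is_current CERT: true when CERT is readable and has not expired.
cert_is_current() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# key_is_private KEY: true when group and others have no permissions.
key_is_private() {
    [ "$(ls -l "$1" | cut -c5-10)" = "------" ]
}

# preflight CERT KEY: print every problem found, non-zero if there is any.
preflight() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "certificate and key do not match"; rc=1; }
    cert_is_current "$1"       || { echo "certificate is expired or unreadable"; rc=1; }
    key_is_private "$2"        || { echo "key is accessible to group or others"; rc=1; }
    return $rc
}

# make_sample DIR NAME: constructed self-signed pair used only for the demo.
make_sample() {
    ( umask 077
      openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$2" \
          -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null )
}

dir=$(mktemp -d)
make_sample "$dir" yourdomain
make_sample "$dir" other
preflight "$dir/yourdomain.crt" "$dir/yourdomain.key" && echo "yourdomain: ok"
preflight "$dir/yourdomain.crt" "$dir/other.key" || echo "mismatch caught"
rm -rf "$dir"
```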

CentOS & Fedora


  1. Edit the virtual host entries in the /etc/httpd/conf.d/ssl.conf file to include the certificate file, key file and CA bundle that should be used by each domain. Replace each mention of yourdomain.com with your domain.

    # sudo vi /etc/httpd/conf.d/ssl.conf 
    
    
    <VirtualHost *:443>
    ServerName www.yourdomain.com
    DocumentRoot /var/www/html
    SSLEngine on
    SSLCertificateFile /etc/ssl/sslfiles/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/sslfiles/yourdomain.key
    SSLCACertificateFile /etc/ssl/sslfiles/root-certificate.crt
    </VirtualHost>
    
  2. Adjust it to your own SSL certificate details and save the configuration file.

  • SSLCertificateFile – Provide the location (on your server) of your SSL certificate.
  • SSLCertificateKeyFile – Specify the location (on your server) of the private key file (you created the private key file along with the CSR code).
  • SSLCertificateChainFile – Enter the location (on your server) of your intermediate certificate.
  3. Scan for errors.

    # apachectl configtest
    
  4. If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.

  5. Finally, restart the Apache service.

    # systemctl stop httpd
    # systemctl start httpd
    


Debian & Ubuntu


  1. Locate and edit the Apache configuration file. It usually resides in the /etc/apache2/sites-enabled/your_site_name directory. If it’s not there, enable the site with the following command, which links its configuration into sites-enabled.

    # sudo a2ensite your_site_name
    
  2. Open the Apache configuration file using a text editor.

Note: To make the site reachable through both HTTP and HTTPS, you need to create two separate files in the sites-enabled directory. The HTTP file will use port 80 to establish the connection, while the HTTPS one will do the same via port 443.

  3. In the configuration file, find the Virtual Host block. Then edit it to make the website available only via HTTPS. By default, the Virtual Host block looks like this:

    <VirtualHost *:443>
    ServerName www.yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/yourdomain.crt
    SSLCertificateKeyFile /path/to/yourdomain.key
    SSLCertificateChainFile /path/to/yourdomain.crt
    </VirtualHost>
    
  4. Adjust it to your own SSL certificate details and save the configuration file.

  • SSLCertificateFile – Provide the location (on your server) of your SSL certificate.
  • SSLCertificateKeyFile – Specify the location (on your server) of the private key file (you created the private key file along with the CSR code).
  • SSLCertificateChainFile – Enter the location (on your server) of your intermediate certificate.
  5. Scan for errors.

    # apachectl configtest
    
  6. If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.

  7. Finally, restart the Apache service.

    # apachectl stop 
    # apachectl start
    


Testing the SSL Certificate Installation


  1. For best results, make sure to close your web browser first and then re-launch it.

  2. Visit your site with the secure HTTPS URL (i.e., go to https://www.example.com, not http://www.example.com).

