How to Set Up SSL Certificates on Your Linux Server

01 / Jun / 2012 by Gautam Malhotra

In one of my projects, I had to set up SSL certificates for my website to make it secure, so that it could also be accessed via the https protocol. SSL is a way to secure internet communication between your browser and a secure website. Websites using SSL have https:// at the start of their address.

The steps to set up an SSL certificate on your server are as follows:
1. Issue the command to generate the key (the -des3 option encrypts the key with a passphrase, which you will be prompted to choose):
openssl genrsa -des3 -out www.MY_DOMAIN_NAME.com.key 2048
2. Issue the command to generate the CSR (Certificate Signing Request):
openssl req -new -key www.MY_DOMAIN_NAME.com.key -out www.MY_DOMAIN_NAME.com.csr

This command will prompt for the following X.509 attributes of the certificate:
– Country Name: Use the two-letter code without punctuation for country, for example: US or CA.
– State or Province: Spell out the state completely; do not abbreviate the state or province name, for example: California.
– Locality or City: The Locality field is the city or town name, for example: Berkeley. Do not abbreviate, for example: Saint Louis, not St. Louis.
– Company: If the company or department has an &, @, or any other symbol typed with the shift key in its name, the symbol must be spelled out or omitted in order to enroll. Example: XY & Z Corporation would be XYZ Corporation or XY and Z Corporation.
– Common Name: The Common Name is the Host + Domain Name. It looks like “www.company.com” or “company.com”.
You can skip the other attributes by pressing return (or enter).

3. (Optional) You can verify your CSR.
4. Now, at the verilog site or any other site, apply for test certificates and fill in the details there; paste the content of your www.MY_DOMAIN_NAME.com.csr file into the request form and submit it.
5. After a few minutes, you will receive an email that contains the certificate in its body. Copy that certificate and save it as www.MY_DOMAIN_NAME.com.crt on your server. (Check your spam folder for the email as well ;) )
6. Enable mod_ssl by issuing the command: a2enmod ssl
7. Now you need to update the Apache config file. Open your site's Apache config file, located at /etc/apache2/sites-available/YOUR_SITE_NAME. This file uses XML-like tags. Modify “VirtualHost *:80” to “VirtualHost *:443” (port 443 is used for SSL) and paste the following code inside the “VirtualHost *:443” tag.

SSLEngine on
# e.g. /home/user/ssl/www.MY_DOMAIN_NAME.com.crt
SSLCertificateFile COMPLETE_PATH_TO_CRT_FILE
# e.g. /home/user/ssl/www.MY_DOMAIN_NAME.com.key
SSLCertificateKeyFile COMPLETE_PATH_TO_KEY_FILE

– Note: To serve both http and https, copy and paste the “VirtualHost *:80” tag, modify the copy from “VirtualHost *:80” to “VirtualHost *:443” (port 443 is used for SSL) and paste the above code inside your “VirtualHost *:443” tag.

8. You can verify your Apache config using the command: apache2ctl configtest
9. Restart Apache by issuing the command: /etc/init.d/apache2 restart OR apache2ctl restart
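
A local pre-flight check for the steps above, as an added example that is not part of the original post: it prints the subject stored in a CSR and confirms that the key, CSR and certificate carry the same public key before Apache is restarted. The function names, the www.example.com subject and the throwaway self-signed certificate standing in for the CA-issued one are assumptions constructed for the demo.

```shell
#!/bin/sh
# Added example (not from the original post). Demo files are constructed,
# throwaway material; the function names are hypothetical.

# Print the subject stored in a CSR so it can be checked before submission.
csr_subject() {   # usage: csr_subject CSR
    openssl req -in "$1" -noout -subject
}

# Return 0 only if key, CSR and certificate contain the same public key.
# Return 2 if any file cannot be read or parsed, 1 on a mismatch.
same_pubkey() {   # usage: same_pubkey KEY CSR CRT
    k=$(openssl pkey -in "$1" -pubout) || return 2
    r=$(openssl req  -in "$2" -noout -pubkey) || return 2
    c=$(openssl x509 -in "$3" -noout -pubkey) || return 2
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build demo.key, demo.csr, a self-signed demo.crt (stand-in for the CA's
# reply) and an unrelated other.key inside directory $1.
make_demo() {   # usage: make_demo DIR
    openssl genrsa -out "$1/demo.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/demo.key" -out "$1/demo.csr" \
        -subj "/C=US/ST=California/L=Berkeley/O=XYZ Corporation/CN=www.example.com" &&
    openssl x509 -req -in "$1/demo.csr" -signkey "$1/demo.key" -days 1 \
        -out "$1/demo.crt" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 2
    make_demo "$dir" || { rm -rf "$dir"; return 2; }
    csr_subject "$dir/demo.csr"
    same_pubkey "$dir/demo.key" "$dir/demo.csr" "$dir/demo.crt" &&
        echo "demo.key matches demo.csr and demo.crt"
    same_pubkey "$dir/other.key" "$dir/demo.csr" "$dir/demo.crt" ||
        echo "other.key does NOT match: fix this before restarting Apache"
    rm -rf "$dir"
}

demo
```

Run same_pubkey against your real .key, .csr and .crt files; a passphrase-protected key makes openssl prompt for the passphrase.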

Hope it helps.

Regards,
Gautam Malhotra
gautam@intelligrape.com

comments (2)

  1. Virgil Kazan

    Very insightful perspective on site security with ssl. Thanks, I really walked away more educated than before. Wildcard SSL certificates can secure multiple subdomains is something I recently acquired.
  2. insightful

    Very knowledgeable piece on site security with ssl. Thanks, I really walked away more educated than before. ssl wildcard certs can secure multiple subdomains is something I recently acquired.