How to install SSL Certificates with Apache 2 on Ubuntu 12.04

Please note that commercial SSL certificates require a unique IP address each for SSL-enabled site, although multiple non-SSL sites may also share that IP address.

Step – 1 Create a Certificate Signing Request

A CSR is an encrypted body of text. Your CSR will contain encoded information specific to your company and domain name; this information is known as a Distinguished Name or DN.
In the DN for most servers are the following fields: Country, State (or Province), Locality (or City), Organization, Organizational Unit, and Common Name. Please note:
1. The Country is a two-digit code — for the United States, it’s ‘US’. For countries outside of the United States,
2. State and Locality are full names, i.e. ‘California’, ‘Los Angeles’.
3. The Organization Name is your Full Legal Company or Personal Name, as legally registered in your locality.
4. The Organizational Unit is whichever branch of your company is ordering the certificate such as accounting, marketing, etc.
5. The Common Name is the Fully Qualified Domain Name (FQDN) for which you are requesting the ssl certificate.
If you are generating a CSR for a Wildcard Certificate your common name must start with *. (for example: *.digicert.com). The wildcard character (*) will be able to assume any name that does not have a “dot” character in it.
To remain secure, certificates must use keys which are at least 2048 bits in length. If your server platform can’t generate a CSR with a 2048-bit key

mkdir /etc/apache2/ssl
 cd /etc/apache2/ssl
 openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr

Replace yourdomain with the domain name you’re securing. For example, if your domain name is viralsolani.co, you would type viralsolani.co.key and viralsolani.co.csr.

• This begins the process of generating two files: the Private-Key file for the decryption of your SSL Certificate, and a certificate signing request (CSR) file (used to apply for your SSL Certificate) with apache openssl.

• Open the CSR file with a text editor and copy and paste it (including the BEGIN and END tags) into the form from where you purchase your SSL certificate.

• Save (backup) the generated .key file as it will be required later for Certificate installation

Execute the following command to protect the key:
chmod 400 /etc/apache2/ssl/www.yourdomain.com.key

Execute the following command to protect the signed certificate:

chmod 400 /etc/apache2/ssl/www.mydomain.com.crt

Step – 2 Get the Certificate Authority Root Certificate
In My case it is Go Daddy. So you need to go from wherever you purchase your SSL certificate and you need to submit the below generated CSR. And you can then download the certificate.
You will get two files. I’ve upload that two files in same folder where I’ve put my CSR and Private key that i.e /etc/apache2/ssl/
Step – 3 Configure Apache to use the Signed SSL Certificate.

This configuration vary depend upon OS and version of that OS. So I’ve installed Ubuntu 12.04 and to configure the certificate you need to do below steps.
You need to configuration in Apache virtual hosting file.
So now you need to go: /etc/apache2/sites-available/default-ssl

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin viral.solani@gmail.com

DocumentRoot /var/www
<Directory />
Options FollowSymLinks
AllowOverride None
</Directory>
<Directory /var/www/>
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Order allow,deny
allow from all
</Directory>

SSLCertificateFile    /etc/apache2/ssl/yourdomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/yourdomain.com.key
SSLCertificateChainFile /etc/apache2/ssl/gd_bundle.crt

</VirtualHost>
</IfModule>

Basically you need to locate yourdomain.com.crt , yourdomain.com.key and gd_bundle.crt.
Now last thing you need to do is restart you apache with the following command

 /etc/init.d/apache2 restart

You should now be able to visit your site with SSL enabled. Congratulations, you’ve installed a commercial SSL certificate!

Advertisements