How to set up an SSL certificate

On the modern web, serving over HTTPS is becoming the standard, so it is important to know how to set up and install SSL certificates. Follow the steps below:

  1. Create a Certificate Signing Request (CSR)
  2. Purchase the SSL certificate from a Certificate Authority
  3. Install certificate files on the server

1. Create a Certificate Signing Request (CSR)

To purchase the SSL certificate, a CSR must first be generated; it is submitted at the time of purchase. To generate the CSR, run the following command on the server:

openssl req -newkey rsa:2048 -nodes -keyout sitename.key -out sitename.csr

Answer the questions specific to the domain and installation. This will then output a .csr file and a .key file. Move both files to somewhere safe on the server. In this example they will be put in /home/ssl-certs.

2. Purchase the SSL certificate from a Certificate Authority

Purchase the SSL certificate from a trusted Certificate Authority. To obtain the SSL certificate, the CSR must be submitted at the time of purchase. Once the purchase is complete, the Certificate Authority will provide the valid SSL certificate and any intermediate bundle certificates, which must also be installed for the SSL certificate to be verified.

3. Install certificate files on the server

Take the purchased SSL certificates and move them to the /home/ssl-certs folder on the server. In the folder you should have:

  • sitename.crt
  • sitename.key
  • sitename-intermediate.crt
  • sitename.csr

The next step is to update the server config (assuming the server is running Apache). Navigate to the /etc/apache2/sites-enabled directory and open the 000-default.conf file. By default the config is set up for port 80 HTTP traffic. Edit the file to redirect port 80 to 443 and specify where the certificate and key files are located. It should look something like the following:


  <VirtualHost *:80>
    ServerName www.sitename.com
    # The trailing slash is required: Redirect appends the rest of the requested path to the target
    Redirect permanent / https://www.sitename.com/
  </VirtualHost>

  <VirtualHost *:443>
    ServerName www.sitename.com

    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    SSLEngine on
    SSLCertificateFile /home/ssl-certs/sitename.crt
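    SSLCertificateKeyFile /home/ssl-certs/sitename.key
    # Intermediate certificates sent to clients along with the site certificate.
    # SSLCACertificateFile is meant for CAs used to verify client certificates.
    # Apache 2.4.8 and later can instead read intermediates appended to SSLCertificateFile.
    SSLCertificateChainFile /home/ssl-certs/sitename-intermediate.crt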
  </VirtualHost>
  

The final step is to restart Apache:

sudo service apache2 restart

If all was done correctly, the site should now be served over HTTPS.
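
The files in /home/ssl-certs can be checked for consistency before the restart, or after one that fails: the script below confirms that the key, CSR and certificate carry the same public key, that the private key is not accessible to other users, and that the intermediate file names the certificate's issuer. It is an added example, not part of the original article; the script name check-certs.sh and the function names are assumptions, and it needs the openssl command-line tool.

```shell
#!/bin/sh
# Added example: consistency checks for the files named in the steps above.
# The directory/name arguments and function names are this example's own.

# Print the SHA-256 of the public key inside a private key, CSR or certificate.
pubkey_hash() {
    case $1 in
        key)  pem=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1 ;;
        csr)  pem=$(openssl req -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        cert) pem=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1 ;;
        *)    return 2 ;;
    esac
    [ -n "$pem" ] || return 1
    printf '%s\n' "$pem" | openssl dgst -sha256 | awk '{print $NF}'
}

# Succeed only if the key file grants nothing to group or others. The key was
# created with -nodes, so it is unencrypted and file mode is its only guard.
key_is_private() {
    [ "$(ls -ldL "$1" | cut -c5-10)" = "------" ]
}

# Succeed only if the intermediate's subject is the certificate's issuer.
issued_by() {
    issuer=$(openssl x509 -in "$1" -noout -issuer 2>/dev/null) || return 1
    subject=$(openssl x509 -in "$2" -noout -subject 2>/dev/null) || return 1
    [ "${issuer#issuer=}" = "${subject#subject=}" ]
}

# Check DIR/NAME.key, .csr, .crt and DIR/NAME-intermediate.crt; 0 means all pass.
check_cert_files() {
    dir=$1 name=$2 rc=0
    k=$(pubkey_hash key "$dir/$name.key") || { echo "FAIL: unreadable key"; return 1; }
    c=$(pubkey_hash cert "$dir/$name.crt") || { echo "FAIL: unreadable certificate"; return 1; }
    r=$(pubkey_hash csr "$dir/$name.csr") || { echo "FAIL: unreadable CSR"; return 1; }
    [ "$k" = "$c" ] || { echo "FAIL: certificate does not match key"; rc=1; }
    [ "$k" = "$r" ] || { echo "FAIL: CSR does not match key"; rc=1; }
    key_is_private "$dir/$name.key" || { echo "FAIL: key accessible to group/others"; rc=1; }
    issued_by "$dir/$name.crt" "$dir/$name-intermediate.crt" ||
        { echo "FAIL: intermediate is not the certificate's issuer"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $name files are consistent"
    return "$rc"
}

# Usage: sh check-certs.sh /home/ssl-certs sitename
if [ $# -eq 2 ]; then check_cert_files "$1" "$2"; fi
```

The issuer check compares names only; it does not validate signatures or the chain up to a trusted root.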