On the modern web, serving over HTTPS is becoming the standard, so it is important to know how to set up and install SSL certificates. Follow the steps below:
- Create a Certificate Signing Request (CSR)
- Purchase the SSL certificate from a Certificate Authority
- Install certificate files on the server
1. Create a Certificate Signing Request (CSR)
In order to purchase the SSL certificate, a CSR must first be generated, which will be submitted at the time of purchase. To generate the CSR, run the following command on the server.
openssl req -newkey rsa:2048 -nodes -keyout sitename.key -out sitename.csr
Answer the questions specific to the domain and installation. This will then output a .csr and a .key file. Move both files somewhere safe on the server. In this example they will be put in /home/ssl-certs.
2. Purchase the SSL certificate from a Certificate Authority
Purchase the SSL certificate from a trusted Certificate Authority. In order to obtain the SSL certificate, the CSR must be submitted at the time of purchase. When purchased, the Certificate Authority will provide the valid SSL certificate and any intermediate bundle certificates, which must also be installed for the SSL certificate to be verified.
3. Install certificate files on the server
Take the purchased SSL certificates and move them to the /home/ssl-certs folder on the server. In the folder you should have:
- sitename.crt
- sitename.key
- sitename-intermediate.crt
- sitename.csr
The next step is to update the server config (assuming the server is running Apache). Navigate to the /etc/apache2/sites-enabled directory and open the 000-default.conf file. By default the config is set up for port 80 HTTP traffic. Edit the file to redirect port 80 to 443 and specify where the certificate and key files are located. It should look something like below:
<VirtualHost *:80>
    ServerName www.sitename.com
    # Send all plain-HTTP requests to HTTPS. The trailing slash matters:
    # without it, /page would redirect to https://www.sitename.compage
    Redirect permanent / https://www.sitename.com/
</VirtualHost>
<VirtualHost *:443>
    ServerName www.sitename.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
    SSLEngine on
    # Site certificate, its private key, and the CA's intermediate bundle
    SSLCertificateFile /home/ssl-certs/sitename.crt
    SSLCertificateKeyFile /home/ssl-certs/sitename.key
    SSLCACertificateFile /home/ssl-certs/sitename-intermediate.crt
</VirtualHost>
The final step is to restart Apache:
sudo service apache2 restart
If all was done correctly, the site should now be served over HTTPS.
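A check worth running on the files from step 3 before the Apache restart, as an added example that is not part of the original tutorial: it confirms that the certificate and CSR carry the same public key as the private key, that the key (unencrypted, because of -nodes) is not readable by group or others, that the certificate verifies against the intermediate file, and that it is not about to expire. The function names pubkey_hash and check_cert_set are hypothetical; the file layout is the one used above.

```shell
#!/bin/sh
# Added example (not from the tutorial): consistency checks for
# NAME.key, NAME.csr, NAME.crt and NAME-intermediate.crt in DIR.
# Typical use: check_cert_set /home/ssl-certs sitename && sudo service apache2 restart

# Print the SHA-256 of the public key held in a key, CSR or certificate.
pubkey_hash() {
    pem=$(case "$1" in
        (key) openssl pkey -in "$2" -pubout ;;
        (csr) openssl req  -in "$2" -noout -pubkey ;;
        (crt) openssl x509 -in "$2" -noout -pubkey ;;
    esac 2>/dev/null)
    [ -n "$pem" ] || return 1          # unreadable or unparsable file
    printf '%s\n' "$pem" | openssl dgst -sha256 | sed 's/^.*= *//'
}

# Return 0 only if every check passes; print one line per failure.
check_cert_set() {
    dir=$1; name=$2; rc=0
    key="$dir/$name.key"; crt="$dir/$name.crt"
    csr="$dir/$name.csr"; chain="$dir/$name-intermediate.crt"

    k=$(pubkey_hash key "$key") || { echo "FAIL: cannot read $key"; return 1; }
    c=$(pubkey_hash crt "$crt") || { echo "FAIL: cannot read $crt"; return 1; }
    r=$(pubkey_hash csr "$csr") || { echo "FAIL: cannot read $csr"; return 1; }
    [ "$k" = "$c" ] || { echo "FAIL: certificate does not match private key"; rc=1; }
    [ "$k" = "$r" ] || { echo "FAIL: CSR does not match private key"; rc=1; }

    # The key is stored unencrypted (-nodes), so only its owner may read it.
    if [ -n "$(find "$key" \( -perm -040 -o -perm -004 \))" ]; then
        echo "FAIL: $key is readable by group or others (chmod 600)"; rc=1
    fi

    # Treat the CA-supplied intermediate as the anchor and verify the signature.
    openssl verify -partial_chain -CAfile "$chain" "$crt" >/dev/null 2>&1 ||
        { echo "FAIL: $crt does not verify against $chain"; rc=1; }

    # Flag a certificate that expires within 30 days (2592000 seconds).
    openssl x509 -in "$crt" -noout -checkend 2592000 >/dev/null 2>&1 ||
        { echo "FAIL: certificate expires within 30 days"; rc=1; }

    [ "$rc" -eq 0 ] && echo "OK: $name files are consistent"
    return "$rc"
}
```

A key/certificate mismatch or an unreadable file is exactly what makes Apache refuse to start after the restart, so running this first avoids taking the site down.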