How to install SSL Certificate
I remember, a few days back we were working on one e-commerce startup. While talking about the required features, when I counted SSL, he gave me such a look as if I committed some crime. Well, let me tell you he is not alone. Many website owners don’t find SSL worthy to be integrated. Before I proceed on how to configure, let me tell you Why.
Why is SSL Certificate important?
The primary and important reason is to keep the sensitive information encrypted across the Internet encrypted to ensure that only the dedicated recipient can recognize it. This becomes important because the data that we send over the Internet passes from computer to computer to reach to the target server. During this journey, any computer between you and the target server can see your sensitive information like username, passwords, credit card numbers, and much more, if it is not encrypted with an SSL certificate. On the contrary, when an SSL certificate is used, the sent information becomes indecipherable to everyone other than the designated server. This protects from hackers & identity thieves. Now you see why SSL Certificate is important.
How to install SSL Certificate?
1. Generate a CSR and Private Key
First of all, you have to create CSR & KEY on your server. For this open your terminal and copy paste the following code.
openssl req -newkey rsa:2048 -nodes -keyout yourdomainname.com.key -out yourdomainname.com.csr
To generate a CSR (yourdomainname.com.csr), and a private key (yourdomainname.com.key), run the command (replace the yourdomainname.com with the name of your domain)
Now, fill up the required fields. If you don’t know the answers of the field, then leave those fields empty. Just make sure that the name in “Common Name” field matches the name you want to use your certificate with–Like – yourdomainname.com.
Example:-
Country Name (2 letter code) [AU]:IN
State or Province Name (full name) [Some-State]:West Bengal
Locality Name (eg, city) []:Kolkata
Organization Name (eg, company) [Internet Widgits Pty Ltd]:Your Company
Organizational Unit Name (eg, section) []:Web Security
Common Name (e.g. server FQDN or YOUR name) []:your_domain.com
Email Address []:your_email@domain.com
You can find the CSR and KEY in your server root directory.
2. Purchase Certificate and Upload CSR
Purchase a certificate from Namecheap or anywhere. Then open the Dashboard, upload the CSR file (which you created in the root directory) and activate the certificate.
3. Verify your domain
The certificate company provides you a txt file to verify your domain. Download the txt file and upload it to your /var/www/html directory.
4. Configure Apache to Use SSL
By this time, you would receive the certificate via email. Download the CRT and ca-bundle file and upload it to your server root directory, where you generated CSR and KEY.
Then proceed to /etc/apache2/sites-available and Download the 000-default.conf file.
Edit the following fields ONLY. Leave the remaining the way it is.
<VirtualHost *:80>
ServerName www.your_domain.com
Redirect / https://www.your_domain.com/
DocumentRoot /var/www/html
</VirtualHost>
<VirtualHost *:443>
ServerName www.your_domain.com
DocumentRoot /var/www/html
SSLEngine on
SSLCertificateFile /root/your_domain.crt
SSLCertificateKeyFile /root/your_domain.com.key
SSLCertificateChainFile /root/your_domain.ca-bundle
</VirtualHost>
Then upload the file in this directory and check the Apache validity of the config files in the server. Put the code in terminal apachectl configtest and check whether apache config is ok or not. Make sure to resolve the error first, if any.
Then, enable the Apache SSL module by running this command: sudo a2enmod ssl
Now, restart your server by running this command: reboot
Done. SSL is installed in your domain. You can check by visiting – https://www.your_domain.com
If you have any queries, then feel free to write in the comment section or for any personalized support you can ping me at info@tcatechnology.com.
Anupam Maity, September 7, 2016
