How to Install SSL Certificate on Linux Apache Web Server

SSL stands for Secure Sockets Layer, the protocol which provides the encryption. It provides secure, encrypted communications between a website and an internet browser. and are typically installed on pages that require end-users to submit sensitive information over the internet like credit card details or passwords, used to secure our website and web app.

  • Install OpenSSL

OpenSSL is a software library to be used in applications that need to secure communication over the internet. To install on Ubuntu/Debian run the following command.

sudo apt-get update
sudo apt-get install openssl
  • Generate Key and CSR

CSR stands for Certificate Signing request, To generate server key and CSR file run the following command, replace example.com to your domain name on which you want to install SSL certificate

openssl genrsa -out example.com.key 2048
openssl req -new -sha256 -key example.com.key -out example.com.csr

When you will run the above command it will ask your information like

Country: IN
State or Province: XYZ
City or Locality: XYZ
Organization Unit: XYZ
Organization: XYZ
Common Name: www.example.com

Fill out your details and hit enter, In Country provide two digits of your country code(example India: IN, USA: US etc )

Download these two files (example.com.key and example.com.csr) and submit it to the certificate provider, Than they will issue the certificate. The certificate should contains two file .crt and .ca-bundle or bundle.crt

Put your certificate file, bundle file and key file in the directory /etc/ssl/certs/

SSLCertificateFile — Certificate file
SSLCertificateKeyFile — Server key file
SSLCertificateChainFile — bundle file

  • Configure Apache Web Server

create the virtual host in apache, edit the file and make the virtual host for your domain and include the domain name, port 443, certificate file path etc. sudo nano /etc/apache2/site-enabled/000-default.conf

If you want to redirect all your traffic to https than make sure you are also adding redirect rule. The virtual host may look like

<VirtualHost *:443>
ServerAdmin [email protected]
DocumentRoot /var/www/html
ServerName example.com
ServerAlias www.example.com
SSLEngine on
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/certs/example.com.key
SSLCertificateChainFile /etc/ssl/certs/example_bundle.crt
<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
</Directory>
</VirtualHost>

#Redirect all http traffic to https

<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://www.example.com
</VirtualHost>
  • Enable SSL Mode in apache
sudo a2enmod ssl
  • Restart apache services
sudo service apache2 restart

Open your website URL in web browser eg. example.com or www.example.com and you will see a green(Secure) lock before the URL.

Leave a Reply

Your email address will not be published. Required fields are marked *