SSL stands for Secure Sockets Layer, the protocol which provides the encryption. It provides secure, encrypted communications between a website and an internet browser. and are typically installed on pages that require end-users to submit sensitive information over the internet like credit card details or passwords, used to secure our website and web app.
- Install OpenSSL
OpenSSL is a software library to be used in applications that need to secure communication over the internet. To install on Ubuntu/Debian run the following command.
sudo apt-get update sudo apt-get install openssl
- Generate Key and CSR
CSR stands for Certificate Signing request, To generate server key and CSR file run the following command, replace example.com to your domain name on which you want to install SSL certificate
openssl genrsa -out example.com.key 2048 openssl req -new -sha256 -key example.com.key -out example.com.csr
When you will run the above command it will ask your information like
State or Province: XYZ
City or Locality: XYZ
Organization Unit: XYZ
Common Name: www.example.com
Fill out your details and hit enter, In Country provide two digits of your country code(example India: IN, USA: US etc )
Download these two files (example.com.key and example.com.csr) and submit it to the certificate provider, Than they will issue the certificate. The certificate should contains two file .crt and .ca-bundle or bundle.crt
Put your certificate file, bundle file and key file in the directory /etc/ssl/certs/
SSLCertificateFile — Certificate file
SSLCertificateKeyFile — Server key file
SSLCertificateChainFile — bundle file
- Configure Apache Web Server
create the virtual host in apache, edit the file and make the virtual host for your domain and include the domain name, port 443, certificate file path etc.
sudo nano /etc/apache2/site-enabled/000-default.conf
If you want to redirect all your traffic to https than make sure you are also adding redirect rule. The virtual host may look like
<VirtualHost *:443> ServerAdmin [email protected] DocumentRoot /var/www/html ServerName example.com ServerAlias www.example.com SSLEngine on SSLCertificateFile /etc/ssl/certs/example.com.crt SSLCertificateKeyFile /etc/ssl/certs/example.com.key SSLCertificateChainFile /etc/ssl/certs/example_bundle.crt <Directory /var/www/html> Options FollowSymLinks AllowOverride All </Directory> </VirtualHost> #Redirect all http traffic to https <VirtualHost *:80> ServerName example.com ServerAlias www.example.com Redirect permanent / https://www.example.com </VirtualHost>
- Enable SSL Mode in apache
sudo a2enmod ssl
- Restart apache services
sudo service apache2 restart
Open your website URL in web browser eg. example.com or www.example.com and you will see a green(Secure) lock before the URL.
Linux/Windows System and SQL Server Database Administrator with more than 4.5 years of experience in Linux Servers administration, Windows Administration, Network Administration, SQL Server Administration, MySQL Administration and SQL Programming.