How to install an SSL Certificate on Ubuntu – SSL Dragon
Generating a CSR code in Ubuntu
——————————————–
You can find written instructions and links below:
1. Use the SSH command to log into your server (Run “sudo apt-get install openssl” to install the SSL key generator, if not already installed).
2. At the prompt, enter the following command “openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr” to create the private key and CSR files, and replace “example” with the actual name of your domain. (Optional: You can create a folder in which the certificates will be stored).
3. Now, you need to provide up-to-date details about your company to the Certificate Authority.
Country Name – enter the two-letter code of the country where your business is legally registered.
State or Province – enter the full name of the state or province where your company is registered.
City or Locality – enter the full name of the city where your organization is registered.
Organization Name – For Business Validation and Extended Validation certificates, enter your organization’s legal name (e.g. GPI Holding LLC). For Domain Validation certificates, type your full name.
Organizational Unit Name – Usually it’s the department responsible for SSL management. For example, “IT” or “Web Administration”.
Common Name – enter the FQDN (fully qualified domain name) you want to secure, for example, ssldragon.com.
Note: If you bought a wildcard certificate, add an asterisk in front of your domain name, but don’t include https or any other characters (e.g. *.ssldragon.com).
Email Address – enter a valid email address.
A challenge password – this extra attribute is optional and NOT recommended.
An optional company name – this field is self-explanatory. You may add an optional name for your company.
4. You have successfully created the CSR key. The newly generated files are example.csr, and example.key. You can use the “ls” command to find them in your working folder. Open a text editor such as Notepad to copy the CSR file and submit to the CA during your order process.
Installing the SSL Certificate
1. Once you’ve completed the validation process, the Certificate Authority will send the SSL certificate files via email. Download the intermediate certificate and root certificate, and upload them to the Ubuntu server, in a specific folder.
2. Now, you need to edit the Apache.config file. Its usual location is in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command: ”sudo a2ensite your_site_name”.
3. Open the Apache.config file with a text editor of your choice.
Your next step is to configure the Virtual Host block. This action will make your site accessible only via the secure HTTPS protocol. Your default Virtual Host block contains the following lines of code:
VirtualHost *:443
DocumentRoot /var/www/site
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.crt
/VirtualHost
Adjust the Virtual Host block according to your SSL certificate details:
In the SSLCertificate File parameter update the location of your SSL certificate file.
In the SSLCertificateKeyFile parameter, enter the location of the private key file that you created during the CSR generation.
In the SSLCertificateChainFile parameter, provide the location of the intermediate certificate file.
Note: If the SSLCertificateFile directive doesn’t work, use the SSLCACertificateFile instead.
5. Double check the Virtual Host block, and save the .config file. Run ”sudo a2enmod ssl” to turn on SSL.
6. Run the ”sudo apachectl configtest” command to test your new .config file for potential errors. If something is wrong with your configuration, you may need to go back and repeat the previous installation steps.
7. Restart Apache by using ”sudo systemctl restart apache2” and make sure that everything works by running ”sudo systemctl status apache2”.
If you did everything right, your website should display a ”padlock” icon at the beginning of the address/URL bar, which means that the SSL Certificate is configured correctly and HTTPS is enabled.
——————————————–
Links:
Visit SSL Dragon at: https://www.ssldragon.com/
Link to the article: https://www.ssldragon.com/blog/how-to-install-an-ssl-certificate-on-ubuntu/
Background music #1: Goosetaf – Bumblebee – https://youtu.be/BeiOu4fL_gw
Background music #2: Nikos Spiliotis – Helen 2 – https://youtu.be/Ig2LiJBriR4
ubuntu
