Manually configuring SSL for Apache can be tricky for beginners or for those coming from shared hosting, where everything is handled from a control panel such as cPanel or Webmin. The following tutorial will guide you through the steps required for configuring SSL on a Debian-based operating system such as Ubuntu, Debian Mint, or good old vanilla Debian. The operating system used for this tutorial was Debian 6 Squeeze, and the SSL certificate was supplied by GoDaddy.com.
The first thing we should do is navigate to the directory on the filesystem that contains all of our secure certificates. If you’re using Debian or Ubuntu, this directory can typically be found at /etc/ssl/certs/, but before we go any further we should go ahead and elevate our permissions to root.
As root, navigate to /path/to/certs
Note: Default for Debian and Ubuntu is /etc/ssl/certs/
$ cd /path/to/certs
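To generate the private key and the .csr file to be signed by your provider, for use with Apache 2 and OpenSSL, use the following command. The -nodes option writes the private key unencrypted, so keep example.com.key readable by root only: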
$ openssl req -new -newkey rsa:2048 -nodes -keyout example.com.key -out example.com.csr
Below are explanations for the values that you should provide.
Once the files have been generated, we will need to print the contents of example.com.csr by using the cat command. This will print a block of encoded text preceded by -----BEGIN CERTIFICATE REQUEST----- and followed by -----END CERTIFICATE REQUEST-----. We will need to copy the contents of the file in its entirety into your SSL provider’s web UI.
Once you submit the contents of your example.com.csr file, you will be able to download a package containing two (2) files: Example.com.crt and provider_bundle.crt.
Note: If you’re using GoDaddy, your “provider_bundle.crt” file may be called either “gd_bundle.crt” or “sf_bundle.crt”.
Download and unzip the signed certificate, and move the contents of the .zip file into /path/to/certs.
Once both files have been placed in the /path/to/certs directory, you must next modify your Apache Virtual Host to reflect the signed certificate.
If you are adding SSL encryption to a pre-existing site, odds are you already have the first Virtual Host entry; for this tutorial we will focus on the second entry, for port 443. Below is an example of how the virtual host file for your website should appear:
<VirtualHost *:80>
    ServerAdmin firstname.lastname@example.org
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /path/to/example.com/public_html
    ErrorLog /path/to/example.com/logs/error.log
    CustomLog /path/to/example.com/access.log combined
</VirtualHost>

<VirtualHost *:443>
    SSLEngine On
    # Signed certificate returned by the provider
    SSLCertificateFile /path/to/certs/Example.com.crt
    # Private key written by the openssl req command above
    SSLCertificateKeyFile /path/to/certs/example.com.key
    # Provider bundle (gd_bundle.crt or sf_bundle.crt for GoDaddy)
    SSLCACertificateFile /path/to/certs/sf_bundle.crt
    ServerAdmin email@example.com
    ServerName www.example.com
    DocumentRoot /srv/www/example.com/public_html/
    ErrorLog /path/to/example.com/logs/error.log
    CustomLog /path/to/example.com/logs/access.log combined
</VirtualHost>
Enable SSL Module
$ a2enmod ssl
Reload Apache to Update the Changes
$ /etc/init.d/apache2 reload
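
A check worth running in /path/to/certs before the reload step, added here as an example that is not part of the original tutorial: it confirms that the signed certificate and the CSR carry the same public key as example.com.key, and that the unencrypted key is not readable by group or others. The file names follow the tutorial; the function names are this example's own.

```shell
#!/bin/sh
# Added example: sanity checks for the files referenced by the port-443 vhost.
# File names follow the tutorial; the function names are this example's own.

# Print the public key (PEM) held in a private key, a CSR or a certificate.
pubkey_of() {   # $1 = key|csr|crt   $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr) openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        crt) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)   return 2 ;;
    esac
}

# Succeed only if both files parse and carry the same public key.
same_keypair() {   # $1 kind  $2 file  $3 kind  $4 file
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if group and others have no permission bits on the key file.
# -nodes leaves the key unencrypted, so the file mode is its only protection.
key_is_private() {
    [ -f "$1" ] && [ "$(ls -ln "$1" | cut -c5-10)" = "------" ]
}

# Run every check; print one line per problem, return non-zero on any failure.
check_site() {   # $1 = key  $2 = CSR  $3 = signed certificate
    rc=0
    key_is_private "$1" ||
        { echo "FAIL: $1 is accessible to group/others (chmod 600)"; rc=1; }
    same_keypair key "$1" csr "$2" ||
        { echo "FAIL: $2 was not generated from $1"; rc=1; }
    same_keypair key "$1" crt "$3" ||
        { echo "FAIL: $3 does not match $1"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: key, CSR and certificate belong together"
    return "$rc"
}

# Usage (as root, in the certificate directory):
#   check_site example.com.key example.com.csr Example.com.crt \
#       && apache2ctl configtest
```

A mismatch between the key and the certificate is a common reason Apache refuses to start after the port-443 entry is added, so running this before the reload keeps the existing site up while the files are sorted out.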