How to Install SSL Certificates? – Debian & Ubuntu
The Secure Sockets Layer certificate (SSL Certificate) are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.
The easiest way to secure your website is by using an SSL certificate and HTTPS. SSL installation involves three general steps, which are as below:
- Generating a Certificate Signing Request (CSR)
- Purchase of SSL certificate from an SSL vendor
- Installation of SSL certificate in the server
The below steps outline the process of CSR generation and SSL installation with Apache on Debian servers.
CSR for a Debian and Ubuntu Server
- Login to the server via SSH command
- Need to create the CSR file and the private key for the certificate. Enter the following command at the prompt.
openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr
Note: Replace mywebsite with the real domain name.
3. Now submit the required information about your company to the CA. Fill in the fields as shown below.
- Common name: Your fully qualified domain/website name
- Organization: Your company’s legally registered name
- An optional company – this is another option attribute. You can add your Brand name, or leave the field blank
- Email Address – provide a valid email address
- A challenge password – this is an optional attribute. If you decide to create a password, write it down or make sure to remember it
- Organizational unit: The name of your department within the organization.
- City/locality: The city where your company is located.
- State/Province: The state/province where your company is located.
- Country Name – enter the two-letter country code where your organization is officially registered.
4. Once you enter the above details, Your CSR and private key files are ready. You can find them in your working directory via the “ls” command.
5. The generated CSR can then be used to order the SSL certificate from a third-party SSL provider.
Install SSL Certificate on Debian and Ubuntu Server
- Once you received the SSL certificate, then download the root certificate and intermediate certificate files, and save them to the Debian server, in a folder.
- Locate and edit the Apache .config file. It usually resides in the /etc/apache2/sites-enabled/your_site_name directory. If it’s not there, find it via the following command
sudo a2ensite your_site_name
3. Open the Apache .config file using the text editor from command line
Note: To connect to the site through both HTTP and HTTPS, then need to create two separate files in the sites-enabled directory. The HTTP file will use port 80 to establish the connection, while the HTTPS one will perform the same action via port 443
4. In the .config file, find the Virtual Host block. You need to edit it to make your website available only via the HTTPS. By default, the Virtual Host block looks like this:
5. Adjust it to your own SSL certificate details and save the .config file.
- SSLCertificateFile – Provide the location (on your server) of your SSL certificate.
- SSLCertificateKeyFile – Specify the location (on your server) of the private key file (you created the private key file along with the CSR code)
- SSLCertificateChainFile – Enter the location (on your server) of your intermediate certificate.
6. Use following command to scan for errors.
7. If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.
8. Finally restart the Apache services using the following commands
Testing the SSL Certificate Installation
- For best results, make sure to close your web browser first and then re-launch it.
- Visit your site with the secure https URL (i.e., go to https://www.example.com not http://www.example.com).