How to Install SSL Certificates? – Debian & Ubuntu

The Secure Sockets Layer certificate  (SSL Certificate) are small data files that digitally bind a cryptographic key to an organization’s details. When installed on a web server, it activates the padlock and the https protocol and allows secure connections from a web server to a browser.

The easiest way to secure your website is by using an SSL certificate and HTTPS. SSL installation involves three general steps, which are as below:

  • Generating a Certificate Signing Request (CSR)
  • Purchase of SSL certificate from an SSL vendor
  • Installation of SSL certificate in the server

The below steps outline the process of CSR generation and SSL installation with Apache on Debian servers.

CSR for a Debian and Ubuntu Server

  1. Login to the server via SSH command
  2. Need to create the CSR file and the private key for the certificate. Enter the following command at the prompt.

openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr

Note: Replace mywebsite with the real domain name.

3. Now submit the required information about your company to the CA. Fill in the fields as shown below.

  • Common name: Your fully qualified domain/website name
  • Organization: Your company’s legally registered name
  • An optional company – this is another option attribute. You can add your Brand name, or leave the field blank
  • Email Address – provide a valid email address
  • A challenge password – this is an optional attribute. If you decide to create a password, write it down or make sure to remember it
  • Organizational unit: The name of your department within the organization.
  • City/locality: The city where your company is located.
  • State/Province: The state/province where your company is located.
  • Country Name – enter the two-letter country code where your organization is officially registered.

    4. Once you enter the above details, Your CSR and private key files are ready. You can find them in your working directory via the “ls” command.
    5. The generated CSR can then be used to order the SSL certificate from a third-party SSL provider.

Install SSL Certificate on Debian and Ubuntu Server

  1. Once you received the SSL certificate, then download the root certificate and intermediate certificate files, and save them to the Debian server, in a folder.
  2. Locate and edit the Apache .config file. It usually resides in the /etc/apache2/sites-enabled/your_site_name directory. If it’s not there, find it via the following command

sudo a2ensite your_site_name

3. Open the Apache .config file using the text editor from command line

Note: To connect to the site through both HTTP and HTTPS, then need to create two separate files in the sites-enabled directory. The HTTP file will use port 80 to establish the connection, while the HTTPS one will perform the same action via port 443

4. In the .config file, find the Virtual Host block. You need to edit it to make your website available only via the HTTPS. By default, the Virtual Host block looks like this:

<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.crt

5. Adjust it to your own SSL certificate details and save the .config file.

  • SSLCertificateFile – Provide the location (on your server) of your SSL certificate.
  • SSLCertificateKeyFile – Specify the location (on your server) of the private key file (you created the private key file along with the CSR code)
  • SSLCertificateChainFile – Enter the location (on your server) of your intermediate certificate.

6. Use following command to scan for errors.


7. If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.

8. Finally restart the Apache services using the following commands

apachectl stop
apachectl start

Testing the SSL Certificate Installation

  1. For best results, make sure to close your web browser first and then re-launch it.
  2. Visit your site with the secure https URL (i.e., go to not

Rohith Krishnan

Rohith SK is an MSC computer science graduate living in Cochin, Kerala. As a technology enthusiast, he is always on the lookout for the latest trends and developments in the field, with a particular interest in cloud computing and DevOps updates. Apart from his passion for technology, Rohith SK is an avid reader and enjoys spending his free time exploring different genres of literature. He believes that reading is one of the best ways to expand one's knowledge and understanding of the world. With his expertise in computer science and a passion for technology, Rohith SK regularly contributes articles and blog posts on the latest trends and updates in the industry. His articles offer insights and valuable perspectives on the various aspects of cloud computing and DevOps, and are widely read and appreciated by readers all over the world. As an experienced technology writer and researcher, Rohith SK's articles are well-researched, informative, and easy to understand, making them accessible to readers of all levels of technical knowledge. Whether you're a beginner looking to learn more about the latest trends in technology, or an experienced professional seeking insights and updates, Rohith's articles are sure to provide valuable information and insights.

You may also like...

Leave a Reply