Installing an SSL certificate onto an Apache webserver
These instructions show you how to install SSL Certificate in your webserver running Apache2.
In order to have a valid certificate for your website, you need to have 3 files stored on your webserver: a key file, a csr (both generated by openssl) file and a pem file (generated by the certificate authority).
1. Use Openssl to generate .csr and .key files
After you decide on one certificate authority you need to:
- use openssl to generate a key and a csr file. SSH into your webserver and type or open a terminal window on your machine:
where ‘mywebsite’ is the name of your website (e.g. google.co.uk)
This command will start generating you a private KEY file (used for the decryption of your SSL Certificate) and a CSR file (used to apply for your SSL Certificate to the certificate authority)
- You will be prompted for the Common Name (domain name). Enter the fully qualified domain name for the site (e.g. www.mywebsite.co.uk)
- After this, you will be prompted for other organizational information like geographical position, company name, etc. Fill in the details accordingly.
At this moment if you type ll you’ll see that openssl created two files for you:
-rw-r–r– 1 root root 1123 Oct 30 16:56 mywebsite.co.uk.csr
-rw-r–r– 1 root root 1704 Oct 30 16:56 mywebsite.co.uk.key
Open the CSR file with a text editor:
Copy and paste all the text inside the file (including the start and the ending tags) into the order form of the certificate authority you’ve chosen. After you fill in all the necessary details and give them the CSR file they will release a PEM file for you.
-  Create a new directory and use it to keep your certificate files:
- Copy your key into the new directory:
- Create a new file in the certificates directory and copy and paste the text from the PEM file released by the certificate authority. You can use your text editor to create the file:
Replace ‘mywebsite’ with your website name.
Paste the text from the PEM file and save it.
2. Change the website .conf file
Next, you need to tell Apache about this change by adding a block of code in the website .conf file. You can fine your website .conf file in sites-available. If you’re not sure what is the name of your config file, navigate to sites-available:
and type ll to list the files inside this directory. You should see now your website config file (or if you have more than one websites on your webserver you should be able to see all of them):
-rw-r--r-- 1 root root 2595 Apr 23 2015 mywebsite.co.uk.conf
Open the file with a text editor:
and paste this code at the bottom of the file:
<virtualhost *:443>
ServerName www.mywebsite.co.uk
ServerAlias *.mywebsite.co.uk
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/mywebsite
#Logging
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/mywebsite-error.log
CustomLog ${APACHE_LOG_DIR}/mywebsite-access.log combined
# SSL Section
SSLEngine on
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certificates/mywebsite.co.uk.pem
SSLCertificateKeyFile /etc/ssl/certificates/smywebsite.co.uk.key
SSLCertificateChainFile /etc/ssl/certs/GlobalSign_DomainSSL_Root_CA.pem
<directory /var/www/html/mywebsite>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</directory>
</virtualhost><virtualhost>
Don’t forget to replace ‘mywebsite.co.uk’ with your website name and adjust the DocumentRoot section if necessary.
All done.
