Setup commercial SSL Certificate by generating a CSR (Certificate Signing Request) and Private Key

Use Openssl to generate CSR and private key and securely store them at your home directory

cd ~
openssl req -newkey rsa:2048 -nodes -keyout -out

When prompted, the most important field is Common Name (e.g. server FQDN or YOUR name) []:
For single site use your FQDN like or
For wildcard use *

The .csr file is what we need to send to CA for SSL Cert REQUEST



After getting commercial Certificate,
Name certifiate with domain.crt extension
Name intermediate certifiate with domain.intermediate.crt extension

Copy your existing virtualhost conf listening on port 80

sudo cp /etc/apache2/sites-available/ /etc/apache2/sites-available/


Redirect traffic from 80 to 443 (always use ssl)

sudo nano /etc/apache2/sites-available/
<VirtualHost *:80>
Redirect permanent /


Install Certificate on

sudo nano /etc/apache2/sites-available/
<VirtualHost *:443>
SSLEngine on
SSLCertificateFile /home/userx/
SSLCertificateKeyFile /home/userx/


Finally enable SSL and your.domain.443.conf

sudo a2enmod ssl
sudo a2ensite your.domain.443.conf
sudo service apache2 restart

Leave a Comment

Your email address will not be published. Required fields are marked *