Set up a commercial SSL certificate by generating a CSR (Certificate Signing Request) and private key

Use OpenSSL to generate the CSR and private key, and store them securely in your home directory

cd ~
openssl req -newkey rsa:2048 -nodes -keyout domain.com.key -out domain.com.csr

When prompted, the most important field is Common Name (e.g. server FQDN or YOUR name) []:
For a single site, use your FQDN, such as domain.com or www.domain.com.
For a wildcard certificate, use *.domain.com.

The .csr file is what you send to the CA as the SSL certificate request:

cat domain.com.csr

After receiving the commercial certificate:
Name the certificate with the domain.crt extension.
Name the intermediate certificate with the domain.intermediate.crt extension.

Copy your existing virtualhost conf listening on port 80

sudo cp /etc/apache2/sites-available/your.domain.com.conf /etc/apache2/sites-available/your.domain.443.com.conf

 

Redirect traffic from port 80 to 443 (always use SSL)

sudo nano /etc/apache2/sites-available/your.domain.com.conf
<VirtualHost *:80>
ServerName example.com
ServerAlias www.example.com
Redirect permanent / https://example.com/
</VirtualHost>

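Install the certificate in your.domain.443.com.conf

sudo nano /etc/apache2/sites-available/your.domain.443.com.conf
<VirtualHost *:443>
ServerName example.com
SSLEngine on
SSLCertificateFile /home/userx/domain.com.crt
SSLCertificateKeyFile /home/userx/domain.com.key
# Intermediate certificate from the CA (on Apache 2.4.8+ it can instead be appended to the SSLCertificateFile)
SSLCertificateChainFile /home/userx/domain.intermediate.crt
</VirtualHost>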

Finally, enable the SSL module and the your.domain.443.com.conf site

sudo a2enmod ssl
sudo a2ensite your.domain.443.com.conf
sudo service apache2 restart
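
Before restarting Apache, it is worth confirming that the certificate returned by the CA belongs to the private key and CSR generated earlier. The script below is an added example, not part of the original post; pubkey_fp and check_tls_material are hypothetical helper names, and the file names are assumed to follow the domain.com.* naming used above.

```shell
#!/bin/sh
# Added example (not from the original post). pubkey_fp and check_tls_material
# are hypothetical helper names; file names follow the commands above.

# Print the SHA-256 fingerprint of the public key held in a key, CSR or cert.
pubkey_fp() {
    case $1 in
        key)  pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) ;;
        csr)  pub=$(openssl req  -in "$2" -noout -pubkey 2>/dev/null) ;;
        cert) pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) ;;
        *)    return 2 ;;
    esac
    # An unreadable or malformed file yields no key; never hash empty input.
    [ -n "$pub" ] || return 1
    printf '%s\n' "$pub" | openssl dgst -sha256 | awk '{print $NF}'
}

# Usage: check_tls_material KEY CSR CERT
check_tls_material() {
    k=$(pubkey_fp key  "$1") || { echo "cannot read private key: $1" >&2; return 1; }
    r=$(pubkey_fp csr  "$2") || { echo "cannot read CSR: $2" >&2; return 1; }
    c=$(pubkey_fp cert "$3") || { echo "cannot read certificate: $3" >&2; return 1; }
    [ "$k" = "$r" ] || { echo "CSR was not generated from this key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key" >&2; return 1; }
    # Reject a certificate that expires within the next 24 hours (86400 s).
    openssl x509 -in "$3" -noout -checkend 86400 >/dev/null ||
        { echo "certificate is expired or about to expire" >&2; return 1; }
    # -nodes wrote the key unencrypted, so file permissions are its only guard.
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ] ||
        echo "warning: $1 is accessible to group/other (chmod 600)" >&2
    echo "key, CSR and certificate match"
}

# e.g. sh check.sh domain.com.key domain.com.csr domain.com.crt
if [ "$#" -eq 3 ]; then check_tls_material "$@"; fi
```

The comparison uses the public key rather than the whole file, so it works the same for the key, the CSR and the issued certificate.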
