How to setup ssl (https) for your site on Ubuntu Linux

By admin on Apr 16, 2013

You may need SSL for your site for multiple reasons. I needed it for Facebook apps, so my requirements are not so strict. To build a Facebook app, you need to have SSL installed on your site. There are several types of certificate you can buy: you can take a wildcard certificate, which is costly, or a certificate for a specific domain. If you take it for a specific domain, it will not work for its subdomains.

One of the cheapest options is the Positive SSL certificate from NameCheap. It costs under $10 per year. It does not validate the physical address of your company; it only validates that the domain is owned by you. So you may want to look at stricter options depending on your needs.

Here are the steps to setup the certificate (Positive SSL certificate for one domain):

  1. First generate a certificate signing request (CSR). For Apache2, use openssl as shown below:
    openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

    It will ask you for the following details:

    Country Name (2 letter code) [AU]:
    State or Province Name (full name) [Some-State]:
    Locality Name (eg, city) []:
    Organization Name (eg, company) [Internet Widgits Pty Ltd]:
    Organizational Unit Name (eg, section) []:
    Common Name (eg, YOUR name) []:
    Email Address []:
    
    Please enter the following 'extra' attributes
    to be sent with your certificate request
    A challenge password []:
    An optional company name []:

    For Common Name, if you are requesting a domain-specific certificate, enter the FQDN (fully qualified domain name), e.g. apps.infoheap.com. For A challenge password, enter anything and make sure you make a note of it.
    This generates the server.csr and myserver.key files. The file myserver.key contains your private key and should never be shared with anyone. The file server.csr contains the certificate request details and will be needed later.

  2. Go to the SSL list page in myaccount on Namecheap.com and click Activate now for the certificate you bought.
    [Screenshot: namecheap-my-certificate-list]
  3. Keep the CSR (from file server.csr) handy. When you click Activate now, you will see the following screen. Select Apache + OpenSSL and enter the CSR value in the appropriate box. This assumes you are using Apache2 and OpenSSL.
    [Screenshot: namecheap-digital-certificate-order-form-screen-1]
  4. On the next screen you will be asked to select the approver email as shown below.
    [Screenshot: namecheap-digital-certificate-order-form-screen-2]
    This is to ensure that you have access to the domain owner's email address. If your domain registration info is public, the domain owner's public email from the whois record will be shown as an option, and you can select that. Otherwise you may have to select postmaster@domainname.com. Whoever provides your private registration will give you an option to forward all emails received on the postmaster@ address.
  5. The next screen is a confirmation screen as shown below:
    [Screenshot: namecheap-digital-certificate-order-form-screen-3]
  6. If everything goes fine, you will see a congratulations message and the following screen describing the process summary and the next steps.
    [Screenshot: namecheap-digital-certificate-order-process-summary]
    The only step left is for the approver to approve the request.
  7. You get an email which will look like this:
    [Screenshot: comodo-certificate-validation-email]
    To approve, click on the link provided and enter the validation code as described in the email.
  8. Once the approver approves the request, the domain owner will get an email containing the certificate files in zip format.
    Attached to this email you should find a .zip file containing:
      - Root CA Certificate - AddTrustExternalCARoot.crt
      - Intermediate CA Certificate - PositiveSSLCA2.crt
      - Your PositiveSSL Certificate - apps_infoheap_com.crt

    The apps_infoheap_com.crt file is your certificate, and the myserver.key file generated above is your private key. Copy these to ssl-cert-my.pem (public certificate) and ssl-cert-my.key (private key) and move them to the Ubuntu Linux server with Apache2 installed.

  9. The next step is to configure Apache and enable SSL. Run these commands:
    sudo a2enmod ssl
    sudo a2ensite default-ssl
  10. Edit /etc/apache2/sites-enabled/default-ssl. Copy the section within <VirtualHost *:443> and create one more section for the site for which you obtained the certificate. Create appropriate entries for ServerName etc., e.g.
    ServerName apps.infoheap.com
    DocumentRoot /path/to/your/document/root

    Then copy the file ssl-cert-my.pem to the /etc/ssl/certs/ directory and ssl-cert-my.key to the /etc/ssl/private/ directory. Make sure that the permissions of /etc/ssl/private/ssl-cert-my.key are 640 and that it is in group ssl-cert.

    sudo chmod 640 /etc/ssl/private/ssl-cert-my.key
    sudo chown root:ssl-cert /etc/ssl/private/ssl-cert-my.key

    Point SSLCertificateFile and SSLCertificateKeyFile to correct entries as shown below (change the file path values):

    SSLCertificateFile /etc/ssl/certs/ssl-cert-my.pem
    SSLCertificateKeyFile /etc/ssl/private/ssl-cert-my.key
  11. Now restart Apache2 using sudo service apache2 restart and access your server over https, e.g. https://apps.infoheap.com/. If everything is fine, no SSL warning should appear.
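
Before the restart in step 11, it helps to confirm that the certificate from the email really belongs to myserver.key and that the key file is not readable more widely than the 640 set in step 10. The script below is an added example, not part of the original article: the function names are hypothetical, the sample files are constructed on the spot, and a self-signed certificate for the placeholder name apps.example.test stands in for the CA-issued one.

```shell
# Added example: check that key, CSR and certificate share one public key and
# that the key file mode is 640 or stricter, before restarting Apache.

# Print the PEM public key held in a private key, CSR or certificate.
pubkey_pem() {  # $1 = key|csr|crt, $2 = file
    case "$1" in
        key) openssl pkey -in "$2" -pubout ;;
        csr) openssl req  -in "$2" -noout -pubkey ;;
        crt) openssl x509 -in "$2" -noout -pubkey ;;
        *)   return 2 ;;
    esac 2>/dev/null
}

# Succeed only if both files parse and carry the same public key.
same_pubkey() {  # $1 kind, $2 file, $3 kind, $4 file
    a=$(pubkey_pem "$1" "$2") || return 1
    b=$(pubkey_pem "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if the mode grants nothing beyond owner rw and group r.
# Uses GNU stat, as shipped on Ubuntu.
key_mode_ok() {  # $1 = key file
    case "$(stat -c '%a' "$1")" in
        400|440|600|640) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample files in directory $1. The self-signed certificate only
# stands in for the one the CA mails back; other.key is an unrelated key.
make_samples() {
    openssl req -nodes -newkey rsa:2048 -keyout "$1/myserver.key" \
        -out "$1/server.csr" -subj "/CN=apps.example.test" 2>/dev/null &&
    openssl x509 -req -in "$1/server.csr" -signkey "$1/myserver.key" \
        -days 1 -out "$1/ssl-cert-my.pem" 2>/dev/null &&
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null &&
    chmod 640 "$1/myserver.key" && chmod 644 "$1/other.key"
}

demo_dir=$(mktemp -d)
make_samples "$demo_dir"
same_pubkey key "$demo_dir/myserver.key" crt "$demo_dir/ssl-cert-my.pem" \
    && echo "certificate matches myserver.key"
same_pubkey key "$demo_dir/other.key" crt "$demo_dir/ssl-cert-my.pem" \
    || echo "other.key does NOT match the certificate"
key_mode_ok "$demo_dir/other.key" || echo "other.key is too widely readable"
rm -rf "$demo_dir"
```

On the server, the same two functions can be pointed at /etc/ssl/certs/ssl-cert-my.pem and /etc/ssl/private/ssl-cert-my.key (run as root or as a member of ssl-cert so the key is readable).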

Additional notes

  1. This article assumes you have Ubuntu Linux and are buying the certificate from namecheap.com. If that is not the case, you can still use it as a high-level guideline and follow the steps for your environment.
  2. In this whole process, your private key always remains with you, right from the initial key generation. Only your certificate comes by email. You should keep a backup of it in a few places.
  3. If you lose your private key, there is no way to recover it. You will have to generate a new key and follow the complete process again.
