Got the SSL certs. Now what?

September 11, 2014 1.4k views

I just purchased an SSL through NameCheap (positiveSSL) for Apache with OpenSSL. I am running Ubuntu 14.04 x32. I was able to generate the CRT files for verification, and I got the approval and everything else, as well as a zip file with 4 crt files, now I just need to know where to put them and how to install them.

Everything I've seen is creating certs rather than installing them, and the only tutorial on here I can find is using the free SSL authority, and they use different file types.

Can anyone help out a n00b?

  • Sorry to ask an off topic question, how much did it cost ??

  • @sauravbasu NameCheap offers certificates for aroun 7 euros.

  • Which encryption algorithm are you using ??

    SHA1 or SHA2 ??

  • To install certs to your apache web server, simply add them to the apache config file. You most probably want to create a new named virtual host that listens on port 443 (default https).

    Here is an example config:

    SSLEngine on
    SSLCertificateFile /path/to/your/certs/example.crt
    SSLCertificateKeyFile /path/to/your/certs/example.key
    other stuff

    Don't forget to open TCP port 443 in your firewall.
    If you need something more advanced, check out the apache official documentation.

1 Answer

Upload the zip file containing the certs to your server, and extract it to /etc/apache2/ssl/ Then create a new VirtualHost in your Apache configuration that listens on port 443:

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html

    SSLEngine on                                                                
    SSLProtocol all -SSLv2                                                      
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM                

    SSLCertificateFile /etc/apache2/ssl/ssl.crt  # The cert sent to you                      
    SSLCertificateKeyFile /etc/apache2/ssl/private.key  # The key file made when you generated the CSR 
    SSLCACertificateFile /etc/apache2/ssl/ca.crt

    # any other Apache configuration 

To create the SSLCACertificateFile, you'll need to combine the CA certs sent to you:

cat PositiveSSLCA.crt AddTrustUTNServerCA.crt.crt > ca.crt
Have another answer? Share your knowledge.