Question

Got the SSL certs. Now what?

Posted September 11, 2014 2.9k views

I just purchased an SSL through NameCheap (positiveSSL) for Apache with OpenSSL. I am running Ubuntu 14.04 x32. I was able to generate the CRT files for verification, and I got the approval and everything else, as well as a zip file with 4 crt files, now I just need to know where to put them and how to install them.

Everything I’ve seen is creating certs rather than installing them, and the only tutorial on here I can find is using the free SSL authority, and they use different file types.

Can anyone help out a n00b?

4 comments
  • Sorry to ask an off topic question, how much did it cost ??

  • @sauravbasu NameCheap offers certificates for aroun 7 euros.

  • Which encryption algorithm are you using ??

    SHA1 or SHA2 ??

  • To install certs to your apache web server, simply add them to the apache config file. You most probably want to create a new named virtual host that listens on port 443 (default https).

    Here is an example config:

    <VirtualHost example.com:443>
    ServerName example.com
    ServerAlias example.com
    ServerAdmin admin@example.com
    SSLEngine on
    SSLCertificateFile /path/to/your/certs/example.crt
    SSLCertificateKeyFile /path/to/your/certs/example.key
    ...
    other stuff
    ...
    </VirtualHost>
    

    Don’t forget to open TCP port 443 in your firewall.
    If you need something more advanced, check out the apache official documentation.

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

1 answer

Upload the zip file containing the certs to your server, and extract it to /etc/apache2/ssl/ Then create a new VirtualHost in your Apache configuration that listens on port 443:

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName example.com
    DocumentRoot /var/www/html

    SSLEngine on                                                                
    SSLProtocol all -SSLv2                                                      
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM                

    SSLCertificateFile /etc/apache2/ssl/ssl.crt  # The cert sent to you                      
    SSLCertificateKeyFile /etc/apache2/ssl/private.key  # The key file made when you generated the CSR 
    SSLCACertificateFile /etc/apache2/ssl/ca.crt

    # any other Apache configuration 
</VirtualHost>

To create the SSLCACertificateFile, you’ll need to combine the CA certs sent to you:

cat PositiveSSLCA.crt AddTrustUTNServerCA.crt.crt > ca.crt
Submit an Answer