Power up with new SaaS Add-Ons from the DigitalOcean Marketplace

Question

Got the SSL certs. Now what?

  • Posted September 11, 2014

I just purchased an SSL through NameCheap (positiveSSL) for Apache with OpenSSL. I am running Ubuntu 14.04 x32. I was able to generate the CRT files for verification, and I got the approval and everything else, as well as a zip file with 4 crt files, now I just need to know where to put them and how to install them.

Everything I’ve seen is creating certs rather than installing them, and the only tutorial on here I can find is using the free SSL authority, and they use different file types.

Can anyone help out a n00b?

Subscribe
Share
mdvucakSeptember 13, 2014

To install certs to your apache web server, simply add them to the apache config file. You most probably want to create a new named virtual host that listens on port 443 (default https).

Here is an example config:

<VirtualHost example.com:443>
ServerName example.com
ServerAlias example.com
ServerAdmin admin@example.com
SSLEngine on
SSLCertificateFile /path/to/your/certs/example.crt
SSLCertificateKeyFile /path/to/your/certs/example.key
...
other stuff
...
</VirtualHost>

Don’t forget to open TCP port 443 in your firewall. If you need something more advanced, check out the apache official documentation.

hunkySeptember 12, 2014

Which encryption algorithm are you using ??

SHA1 or SHA2 ??

sianiosSeptember 12, 2014

@sauravbasu NameCheap offers certificates for aroun 7 euros.

hunkySeptember 12, 2014

Sorry to ask an off topic question, how much did it cost ??

Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Andrew SBSeptember 11, 2014

Upload the zip file containing the certs to your server, and extract it to /etc/apache2/ssl/ Then create a new VirtualHost in your Apache configuration that listens on port 443:

<VirtualHost *:443>
    ServerAdmin webmaster@localhost
    ServerName example.com
    DocumentRoot /var/www/html

    SSLEngine on                                                                
    SSLProtocol all -SSLv2                                                      
    SSLCipherSuite ALL:!ADH:!EXPORT:!SSLv2:RC4+RSA:+HIGH:+MEDIUM                

    SSLCertificateFile /etc/apache2/ssl/ssl.crt  # The cert sent to you                      
    SSLCertificateKeyFile /etc/apache2/ssl/private.key  # The key file made when you generated the CSR 
    SSLCACertificateFile /etc/apache2/ssl/ca.crt

    # any other Apache configuration 
</VirtualHost>

To create the SSLCACertificateFile, you’ll need to combine the CA certs sent to you:

cat PositiveSSLCA.crt AddTrustUTNServerCA.crt.crt > ca.crt