SSL installation and configuration on Ubuntu 14.04

May 26, 2014 3.8k views
Hi, I purchased an SSL certificate from Networksolutions.com and am trying to install it on my droplet. Here is what I did:
- I generated a CSR with common-name= www.mydomain.com as described in the DigitalOcean tutorials.
- I purchased the certificate for www.mydomain.com
- I downloaded 3 files from networksolutions:
  - WWW-MYDOMAIN-COM.crt
  - AddTrustExternalCARoot.crt
  - NetworkSolutionsDVServerCA.crt
- I went to /etc/apache2/site-available/default-ssl.conf and edited the following:
  - SSLEngine on
  - SSLCertificateFile /etc/apache2/ssl/WWW.MYDOMAIN.COM.crt
  - SSLCertificateKeyFile /etc/apache2/ssl/mydomain.key
  - Added ServerName www.mydomain.com:443
- SSL enable
- Apache2 restart

But it is not working. What did I miss? Thanks,
10 Answers
Make sure you also add in Apache's config file:
SSLCertificateChainFile /path/to/your/CA.crt

And in CA.crt put contents of AddTrustExternalCARoot.crt and NetworkSolutionsDVServerCA.crt one after another.
@jerzy, did not work!

I also checked iptables and opened the https port, still didn't work. Please help! :)
thanks,
Guys, I am stuck here. I checked every tutorial on the internet, and it's not working! Any help will be much appreciated. Thanks
What's the domain? Do you get any errors?
Are you seeing any errors in /var/log/apache2/error.log ?
No errors in log file.

My domain is fansrepublic.com
hostname output is: fansrepublic
hostname -f output is: fansrepublic
In DNS I set CNAME to: www : @

/etc/hosts content is:
127.0.0.1 localhost
127.0.1.1 fansepublic
107.170.97.132 www.fansrepublic.com

I can open website, but not when I type https.

I don't know if this information is related, but maybe it deserves mentioning.

thanks
It looks like there's nothing listening on port 443. Can you pastebin the output of the following commands?
# List used ports
sudo netstat -plutn
# Output firewall rules
sudo iptables-save


root@fansepublic:/etc# sudo netstat -plutin
Kernel Interface table
Iface MTU Met RX-OK RX-ERR RX-DRP RX-OVR TX-OK TX-ERR TX-DRP TX-OVR Flg
eth0 1500 0 2100052 0 0 0 188399 0 0 0 BMRU
lo 65536 0 25507 0 0 0 25507 0 0 0 LRU



root@fansepublic:/etc# sudo iptables-save
# Generated by iptables-save v1.4.21 on Tue May 27 12:58:06 2014
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [47745:20516892]
:fail2ban-ssh - [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4268 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
# Completed on Tue May 27 12:58:06 2014
Oh! OK guys, I found my mistake: I changed the order of the https rule in iptables to be before the drop rule.

But, now I get SSL connection error in browser!! and there is nothing in error.log too

Thank you Kamal for putting me in the right direction, but do you know what might cause the SSL connection error?
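The ordering mistake found above (the port 443 ACCEPT rule sitting after `-A INPUT -j DROP`) can be checked mechanically. The following is an added example, not part of the original thread: a shell function that reads `iptables-save` output and lists rules that follow an unconditional terminating rule in the same chain. The function names are made up for this example; the first ruleset is copied from the output posted above, the second is constructed from it.

```shell
#!/bin/sh
# Report rules that can never match: they follow a rule in the same chain
# that has no match conditions and a terminating target.
shadowed_rules() {
    # stdin: iptables-save output. stdout: one line per unreachable rule.
    awk '
        /^\*/ { table = substr($0, 2); next }        # "*filter", "*nat", ...
        $1 == "-A" {
            chain = table "/" $2
            if (chain in stop) {
                printf "%s: unreachable: %s (after: %s)\n", chain, $0, stop[chain]
                next
            }
            # iptables-save prints matches before -j, so "-j" in field 3
            # means the rule has no match conditions at all.
            if ($3 == "-j" && $4 ~ /^(ACCEPT|DROP|REJECT|RETURN)$/)
                stop[chain] = $0
        }
    '
}

# Rules as posted in the thread (the 443 rule was appended after the DROP).
posted_rules() {
    cat <<'EOF'
*filter
:INPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 4268 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A fail2ban-ssh -j RETURN
COMMIT
EOF
}

# Constructed: the same rules with the 443 rule moved ahead of the DROP.
reordered_rules() {
    posted_rules | awk '
        /--dport 443 / { next }
        $0 == "-A INPUT -j DROP" { print "-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT" }
        { print }'
}

posted_rules | shadowed_rules      # lists the 443 rule as unreachable
reordered_rules | shadowed_rules   # prints nothing
```

On a live system the same check is `sudo iptables-save | shadowed_rules`.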
That's because your SSL certificate is valid only for www.fansrepublic.com and not fansrepublic.com. I would contact Network Solutions (or whoever your SSL issuer is) and see if you can reissue your certificate so that it works on fansrepublic.com. (If that's possible, take a backup of your current SSL certificate, and regenerate the CSR with "fansrepublic.com" as the Common Name, not "www.fansrepublic.com".)