Note: Please note that commercial SSL certificates require a unique IP address for SSL-enabled sites.
a. Enable SSL for Apache and make a directory named “ssl” inside “/etc/apache2/”
b. Create a Certificate Signing Request
openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr
The above command will create a certificate signing request (CSR) for the site which you’d like to use with SSL. Leave the challenge password blank.
Execute the following command to protect the key:
chmod 400 /etc/apache2/ssl/www.mydomain.com.key
Files for your domain will be created in /etc/apache2/ssl. You may now submit the file ending in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA signs the request. Save this file as /etc/apache2/ssl/www.mydomain.com.crt.
Execute the following command to protect the signed certificate:
chmod 400 /etc/apache2/ssl/www.mydomain.com.crt
c. Get the CA Root Certificate
You’ll need to get the root certificate for the CA that you paid to sign your certificate. You may obtain the root certs for various providers from these sites:
For example, if we downloaded a root cert for Verisign, we would save it to /etc/apache2/ssl/verisign.cer.
d. Configure Apache to use the Signed SSL Certificate.
We’ll add an entry to /etc/apache2/ports.conf for the IP address you’ll be using to host your SSL-enabled site.
Replace the above IP address with your dedicated IP Address. Next, we edit the VirtualHost Configuration file i.e. /etc/apache2/sites-available/default in our case.
SSLEngine On SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
CustomLog /var/log/apache2/access.log combined
NOTE: You can edit your existing Virtualhost Configuration file (Virtualhost *:80) by adding the above attributes within the Virtualhost tag.
e. Restart Apache:
f. Congratulations, you’ve installed a commercial SSL certificate! You can visit your site with SSL enabled. i.e. https://mydomain.com OR https://localhost/your_website/