Installing and Configuring Commercial SSL on Debian Linux

SSL-Certificate-Secrity-H01CB360EBAB420000000000000004713

[dfads params=’groups=-1′]

Note: Please note that commercial SSL certificates require a unique IP address for SSL-enabled sites.

a. Enable SSL for Apache and make a directory named “ssl” inside “/etc/apache2/”

[code]
a2enmod ssl
mkdir /etc/apache2/ssl
[/code]

b. Create a Certificate Signing Request

[code]
cd /etc/apache2/ssl
openssl req -new -days 365 -nodes -keyout www.mydomain.com.key -out www.mydomain.com.csr
[/code]

The above command will create a certificate signing request (CSR) for the site which you’d like to use with SSL. Leave the challenge password blank.
Execute the following command to protect the key:

[code]
chmod 400 /etc/apache2/ssl/www.mydomain.com.key
[/code]

Files for your domain will be created in /etc/apache2/ssl. You may now submit the file ending in .csr to a commercial SSL provider for signing. You will receive a signed file after the CA signs the request. Save this file as /etc/apache2/ssl/www.mydomain.com.crt.
Execute the following command to protect the signed certificate:

[code]
chmod 400 /etc/apache2/ssl/www.mydomain.com.crt
[/code]

[dfads params=’groups=-1′]

c. Get the CA Root Certificate
You’ll need to get the root certificate for the CA that you paid to sign your certificate. You may obtain the root certs for various providers from these sites:
Verisign
Thawte
Globalsign
Comodo
For example, if we downloaded a root cert for Verisign, we would save it to /etc/apache2/ssl/verisign.cer.
d. Configure Apache to use the Signed SSL Certificate.
We’ll add an entry to /etc/apache2/ports.conf for the IP address you’ll be using to host your SSL-enabled site.
File excerpt:/etc/apache2/ports.conf

[code]
NameVirtualHost 12.34.56.78:443
Listen 443
[/code]

Replace the above IP address with your dedicated IP Address. Next, we edit the VirtualHost Configuration file i.e. /etc/apache2/sites-available/default in our case.

[code]
<Virtualhost 10.10.10.109:443>
SSLEngine On SSLCertificateFile /etc/apache2/ssl/www.mydomain.com.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.mydomain.com.key
SSLCACertificateFile /etc/apache2/ssl/verisign.cer

ServerAdmin info@mydomain.com
ServerName www.mydomain.com
DocumentRoot /var/www/
ErrorLog /var/log/apache2/error.log
CustomLog /var/log/apache2/access.log combined
</Vritaulhost>
[/code]

NOTE: You can edit your existing Virtualhost Configuration file (Virtualhost *:80) by adding the above attributes within the Virtualhost tag.

e. Restart Apache:

[code]
/etc/init.d/apache2 restart
[/code]

f. Congratulations, you’ve installed a commercial SSL certificate! You can visit your site with SSL enabled. i.e. https://mydomain.com OR https://localhost/your_website/

[Source: https://library.linode.com/web-servers/apache/ssl-guides/debian-5-lenny]

[dfads params=’groups=-1′]

Leave a Reply

Your email address will not be published. Required fields are marked *