Setting up SSL Certificate on Ubuntu with Apache 2.4

sudo su #probably get hate for this,   but I'm lazy
  cd /etc/ssl/mycerts/
nano domainname.crt

Copy the certificate from your provider including the BEGIN and END tags

For any certificate authority (CA), you need to also install their intermediate certificates. I use GlobalSign OrganizationSSL and you can find them on their website (GlobalSign OrgSSL Intermediate Certs here). Most places mention this in the installation email. What they don't mention is you also need to install the CA's root certificate. Openssl on Ubuntu does come with a bunch of root certificates, but not all of them. I have alway found it easier to just get their root certificate from their website and copy it into the same folder as my certificate (GlobalSign Root Certs here). So in the end you will have copied 3 files in your server: your certificate, the intermediate certificate, and the root certificate. Note that when your finding the certificates, they are usually specific to your product and the hashing method you chose at the order.

One more thing on the Intermediate and Root certs. Some tutorials you find mention putting them all in one file. I've never had this work for me, so I alway keep them in three different files.

Once you have the certificates copied to your machine, you can now create an Apache configuration file.

cd /etc/apache2/sites-available/
nano ssl-domain.conf    #Note can be named whatever

Here is an example configuration file for apache:

<VirtualHost *:443>

SSLEngine On
SSLCACertificateFile /etc/ssl/mycerts/gs_root.pem  #This is the root cert
SSLCertificateChainFile /etc/ssl/mycerts/gs_intermediate.pem   #This is the intermediate cert
SSLCertificateFile /etc/ssl/mycerts/domainname.crt   #This is your cert
SSLCertificateKeyFile /etc/ssl/mycerts/domainname.key   #This is the key that was made when you created your CSR request

ServerName domainname.ca
ServerAlias www.domainname.ca

DocumentRoot /var/www/prod/public

<Directory /var/www/prod/public>
Options FollowSymLinks
AllowOverride All
Order allow,deny
allow from all
</Directory>

ErrorLog /var/www/prod/logs/error.log
CustomLog /var/www/prod/logs/access.log combined

</VirtualHost>

One the configuration file is created, activate it and load apache configuration

a2ensite ssl-domain.conf
service apache2 reload
exit   #this just logs you out of the root account (ie when you did sudo su)

Leave a Reply