sudo su #probably get hate for this, but I'm lazy cd /etc/ssl/mycerts/ nano domainname.crt
Copy the certificate from your provider including the BEGIN and END tags
For any certificate authority (CA), you need to also install their intermediate certificates. I use GlobalSign OrganizationSSL and you can find them on their website (GlobalSign OrgSSL Intermediate Certs here). Most places mention this in the installation email. What they don't mention is you also need to install the CA's root certificate. Openssl on Ubuntu does come with a bunch of root certificates, but not all of them. I have alway found it easier to just get their root certificate from their website and copy it into the same folder as my certificate (GlobalSign Root Certs here). So in the end you will have copied 3 files in your server: your certificate, the intermediate certificate, and the root certificate. Note that when your finding the certificates, they are usually specific to your product and the hashing method you chose at the order.
One more thing on the Intermediate and Root certs. Some tutorials you find mention putting them all in one file. I've never had this work for me, so I alway keep them in three different files.
Once you have the certificates copied to your machine, you can now create an Apache configuration file.
cd /etc/apache2/sites-available/ nano ssl-domain.conf #Note can be named whatever
Here is an example configuration file for apache:
<VirtualHost *:443> SSLEngine On SSLCACertificateFile /etc/ssl/mycerts/gs_root.pem #This is the root cert SSLCertificateChainFile /etc/ssl/mycerts/gs_intermediate.pem #This is the intermediate cert SSLCertificateFile /etc/ssl/mycerts/domainname.crt #This is your cert SSLCertificateKeyFile /etc/ssl/mycerts/domainname.key #This is the key that was made when you created your CSR request ServerName domainname.ca ServerAlias www.domainname.ca DocumentRoot /var/www/prod/public <Directory /var/www/prod/public> Options FollowSymLinks AllowOverride All Order allow,deny allow from all </Directory> ErrorLog /var/www/prod/logs/error.log CustomLog /var/www/prod/logs/access.log combined </VirtualHost>
One the configuration file is created, activate it and load apache configuration
a2ensite ssl-domain.conf service apache2 reload exit #this just logs you out of the root account (ie when you did sudo su)