The Blog of Someone Who Builds Things on the Internet

I google how to do things, then post the answers here cause I'll probably forget. Maybe someone else finds it useful.

Setting up SSL Certificate on Ubuntu with Apache 2.4

Published February 26, 2017
sudo su #probably get hate for this, but I'm lazy
cd /etc/ssl/mycerts/
nano domainname.crt

Copy the certificate from your provider, including the BEGIN and END tags.

For any certificate authority (CA), you also need to install their intermediate certificates. I use GlobalSign OrganizationSSL and you can find them on their website (GlobalSign OrgSSL Intermediate Certs here). Most places mention this in the installation email. What they don't mention is you also need to install the CA's root certificate. OpenSSL on Ubuntu does come with a bunch of root certificates, but not all of them. I have always found it easier to just get their root certificate from their website and copy it into the same folder as my certificate (GlobalSign Root Certs here). So in the end you will have copied 3 files to your server: your certificate, the intermediate certificate, and the root certificate. Note that when you're finding the certificates, they are usually specific to your product and the hashing method you chose when ordering.

One more thing on the Intermediate and Root certs. Some tutorials you find mention putting them all in one file. I've never had this work for me, so I always keep them in three different files.

Once you have the certificates copied to your machine, you can now create an Apache configuration file.

cd /etc/apache2/sites-available/
nano ssl-domain.conf    #Note can be named whatever

Here is an example configuration file for Apache:

<VirtualHost *:443>

    SSLEngine On
    # This is the root cert
    SSLCACertificateFile /etc/ssl/mycerts/gs_root.pem
    # This is the intermediate cert (directive is deprecated since Apache 2.4.8 but still works)
    SSLCertificateChainFile /etc/ssl/mycerts/gs_intermediate.pem
    # This is your cert
    SSLCertificateFile /etc/ssl/mycerts/domainname.crt
    # This is the key that was made when you created your CSR
    SSLCertificateKeyFile /etc/ssl/mycerts/domainname.key

    ServerName domainname.ca
    ServerAlias www.domainname.ca

    DocumentRoot /var/www/prod/public

    <Directory /var/www/prod/public>
        Options FollowSymLinks
        AllowOverride All
        # Apache 2.4 form of the old "Order allow,deny" / "Allow from all"
        Require all granted
    </Directory>

    ErrorLog /var/www/prod/logs/error.log
    CustomLog /var/www/prod/logs/access.log combined

</VirtualHost>

Once the configuration file is created, activate it and reload the Apache configuration.

a2ensite ssl-domain.conf
service apache2 reload
exit   #this just logs you out of the root account (ie when you did sudo su)
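
Before running the reload, it is worth confirming that the three certificate files really form a chain and that the key belongs to your certificate. The script below is an added example, not part of the original post: it uses standard openssl commands, while the function names and the make_demo_chain helper (which builds a constructed throwaway chain for trying the checks offline) are assumptions of this example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the three certificate files and the key.
# File names follow the article; the chain built by make_demo_chain is constructed.

# chain_ok ROOT INTERMEDIATE CERT: true only if CERT chains through INTERMEDIATE
# to ROOT. -untrusted offers the intermediate without making it a trust anchor.
chain_ok() {
    openssl verify -CAfile "$1" -untrusted "$2" "$3" >/dev/null 2>&1
}

# key_matches CERT KEY: true only if KEY is the private key for CERT.
key_matches() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# make_demo_chain DIR: writes a constructed root -> intermediate -> leaf chain
# (throwaway keys, one-day validity) into DIR so the checks can be tried offline.
make_demo_chain() {
    d=$1
    printf '[req]\ndistinguished_name=dn\n[dn]\n[ca]\nbasicConstraints=critical,CA:TRUE\n' >"$d/demo.cnf"
    csr() {  # csr NAME CN: new key NAME.key plus signing request NAME.csr
        openssl req -config "$d/demo.cnf" -newkey rsa:2048 -nodes \
            -keyout "$d/$1.key" -out "$d/$1.csr" -subj "/CN=$2" 2>/dev/null
    }
    sign() {  # sign NAME ISSUER_CERT ISSUER_KEY OUT [extra x509 options]
        n=$1 ic=$2 ik=$3 out=$4; shift 4
        openssl x509 -req -in "$d/$n.csr" -CA "$d/$ic" -CAkey "$d/$ik" \
            -CAcreateserial -days 1 -out "$d/$out" "$@" 2>/dev/null
    }
    csr gs_root "Constructed Root" &&
    openssl x509 -req -in "$d/gs_root.csr" -signkey "$d/gs_root.key" -days 1 \
        -extfile "$d/demo.cnf" -extensions ca -out "$d/gs_root.pem" 2>/dev/null &&
    csr gs_intermediate "Constructed Intermediate" &&
    sign gs_intermediate gs_root.pem gs_root.key gs_intermediate.pem \
        -extfile "$d/demo.cnf" -extensions ca &&
    csr domainname "domainname.ca" &&
    sign domainname gs_intermediate.pem gs_intermediate.key domainname.crt
}

# Usage: sh preflight.sh ROOT INTERMEDIATE CERT KEY   (exit 0 means consistent)
if [ "$#" -eq 4 ]; then
    chain_ok "$1" "$2" "$3" || { echo "chain does not verify" >&2; exit 1; }
    key_matches "$3" "$4" || { echo "key does not match certificate" >&2; exit 1; }
    echo "certificate files are consistent"
fi
```

A failed chain check usually means the intermediate downloaded does not match the product or hashing method of the issued certificate; a failed key check means the .key file is from a different CSR.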