Pranaam To all bhai ji _/\_
Today i am going to share, how to implement Third party ssl certificate on website hosted on ubuntu server
Note: we need root user privileges to perform this implementation
lets suppose i have domain indishell.in and i want to get ssl certificate for it
so we need to generate CSR file to get ssl certificate and a private RSA key for our server
you can generate csr and rsa key file on any linux system by executing this command and provide some info during file genration process
command for generating csr and key file is
openssl req -nodes -newkey rsa:2048 -keyout domain_com.key -out domain_com.csr
here you can change domain_com.key to your_domain.key
and domain_com.csr to your_domain.csr
its optional , just for ease of remembering what kind of file it is
note: domain_com.key file is an importent file which we will need during ssl implementation so keep it safe
after generation these files, we need to forward csr file to ssl vendor like comodo
they will give a zip file, unzip the bundle and you will get 2 files having names like this
1.your_domain.ca-bundle
2.your_domain.crt
here
your_domain.ca-bundle is intermediate file
and
your_domain.crt is certificate file for domain
we need domain_com.key file too which we generated during csr generation
ok , lets start ;)
login to server with root access
enter into directory /etc/apache2/ssl/ (create a directory if not present)
cd /etc/apache2/ssl/
copy all the files to this directory (use scp command to copy files from your machine to server or just create files on server with the same name , open files on your machine ,copy content and paste it to file on server )
ok now we need to configure vhost file for website
enter into /etc/apache2/sites-available/
create a file with any name like your_domain.com, i am creating with name indishell.in
and paste this code to the file
1 <VirtualHost *:443>
2 ServerAdmin webmaster@localhost
3 Servername your_domain.com
4 ServerAlias www.your_domain.com
5 DocumentRoot /location_to_files_of_your_domain
6 <Directory />
7 Options FollowSymLinks
8 AllowOverride None
9 </Directory>
10 <Directory /location_to_files_of_your_domain/>
11 Options Indexes FollowSymLinks MultiViews
12 AllowOverride All
13 Order allow,deny
14 allow from all
15 </Directory>
16
17 ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
18 <Directory "/usr/lib/cgi-bin">
19 AllowOverride None
20 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
21 Order allow,deny
22 Allow from all
23 </Directory>
24
25 SSLEngine on
26 SSLCertificateKeyFile /etc/apache2/ssl/domain_com.key
27 SSLCertificateFile /etc/apache2/ssl/doamin_com.crt
28 SSLCertificateChainFile /etc/apache2/ssl/domain_com.ca-bundle
29
30 ErrorLog ${APACHE_LOG_DIR}/domain_ssl.com-error.log
31
32 # Possible values include: debug, info, notice, warn, error, crit,
33
34 LogLevel warn
35
36 CustomLog ${APACHE_LOG_DIR}/domain_ssl.com-access.log combined
37
38 Alias /doc/ "/usr/share/doc/"
39 <Directory "/usr/share/doc/">
40 Options Indexes MultiViews FollowSymLinks
41 AllowOverride None
42 Order deny,allow
43 Deny from all
44 Allow from 127.0.0.0/255.0.0.0 ::1/128
45 </Directory>
46
47 </VirtualHost>
dont save it , we need to make some changes to it
on line number 3,4 change your_domain.com to your website name
like my website name is indishell.in so i will replace your_domain.com with indishell.in
on line 5 and 10 change /location_to_files_of_your_domain to location of your website
like my website files are under directory /data/indishell
so i will replace /location_to_files_of_your_domain with /data/indishell
and line 5 and 10 will be like this
line 5 DocumentRoot /data/indishell
line 10 <Directory /data/indishell/>
and now comes the main part aka ssl certificates defination
26 SSLCertificateKeyFile /etc/apache2/ssl/domain_com.key
27 SSLCertificateFile /etc/apache2/ssl/doamin_com.crt
28 SSLCertificateChainFile /etc/apache2/ssl/domain_com.ca-bundle
line 26 tells the location of our RSA key file location (domain.key file which we generated during csr file generation)
my domain.key file name is indishell.key and it is under directory /etc/apache2/ssl
so line 26 will be
SSLCertificateKeyFile /etc/apache2/ssl/indishell.key
line 27 tells the location of domain certificate file which was sent by ssl vendor to us (domain_com.crt file)
my domain certificate file name is indishell.crt and it is saved in directory /etc/apache2/ssl/
so line 27 will be like this for me
SSLCertificateFile /etc/apache2/ssl/indishell.crt
line 28 is to tell intermediate certificate location
intermediate certificate is the file which has to be provided by ssl certificate vendor and its name will be like domain.ca-bundle
in my case, this file is saved under directory /etc/apache2/ssl and name is indishell.ca-bundle
so line 28 will be like
SSLCertificateChainFile /etc/apache2/ssl/indishell.ca-bundle
now line 30 and 38
both are for logging access and error log for your website
just replace keyword domain to whatever you want , like i am replacing it with indishell
ErrorLog ${APACHE_LOG_DIR}/indishell_ssl.com-error.log
CustomLog ${APACHE_LOG_DIR}/indishell_ssl.com-access.log combined
so error logs of my website will be saved in file indishell_ssl.com-error.log under directory /var/log/apache
and access logs will be saved in file indishell_ssl.com-access.log under directory /var/log/apache2
ok now everything has been setup , just save this file . enter into site available directory using command
cd /etc/apache2/sites-available
execute this command to activate the ssl config file for website
a2ensite name_of_website_ssl_config_file
here name_of_website_ssl_config_file is the name of the ssl config file which we created in above step
mine ssl config file name was indishell.in(mentioned above)
so command for me is
a2ensite indishell.in
now we need to reload apache server , command is
service apache2 reload
and now access your website using https://website.com >:D<
if you want , whenever someone access yourdomain.com, it should redirect to https://yourdomain.com
open your domain vhost file(which is configured for http connection)
we need to add redirection rule , locate these lines in starting of your vhost file
Servername yourdomain.com
ServerAlias www.yourdomain.com
just below these lines , add this line
Redirect / https://yourdomain.com/
here https://yourdomain.com is the link for your https domain name
like in my casemy website is indishell.in and i want to redirect it to https://indishell.in
config in normal vhost file will be
Servername indishell.in
ServerAlias www.indishell.in
Redirect / https://indishell.in/
and done \m/
reload apache server and enjoy the ssl on your website 8-)
Thank you
Today i am going to share, how to implement Third party ssl certificate on website hosted on ubuntu server
Note: we need root user privileges to perform this implementation
lets suppose i have domain indishell.in and i want to get ssl certificate for it
so we need to generate CSR file to get ssl certificate and a private RSA key for our server
you can generate csr and rsa key file on any linux system by executing this command and provide some info during file genration process
command for generating csr and key file is
openssl req -nodes -newkey rsa:2048 -keyout domain_com.key -out domain_com.csr
here you can change domain_com.key to your_domain.key
and domain_com.csr to your_domain.csr
its optional , just for ease of remembering what kind of file it is
note: domain_com.key file is an importent file which we will need during ssl implementation so keep it safe
after generation these files, we need to forward csr file to ssl vendor like comodo
they will give a zip file, unzip the bundle and you will get 2 files having names like this
1.your_domain.ca-bundle
2.your_domain.crt
here
your_domain.ca-bundle is intermediate file
and
your_domain.crt is certificate file for domain
we need domain_com.key file too which we generated during csr generation
ok , lets start ;)
login to server with root access
enter into directory /etc/apache2/ssl/ (create a directory if not present)
cd /etc/apache2/ssl/
copy all the files to this directory (use scp command to copy files from your machine to server or just create files on server with the same name , open files on your machine ,copy content and paste it to file on server )
ok now we need to configure vhost file for website
enter into /etc/apache2/sites-available/
create a file with any name like your_domain.com, i am creating with name indishell.in
and paste this code to the file
1 <VirtualHost *:443>
2 ServerAdmin webmaster@localhost
3 Servername your_domain.com
4 ServerAlias www.your_domain.com
5 DocumentRoot /location_to_files_of_your_domain
6 <Directory />
7 Options FollowSymLinks
8 AllowOverride None
9 </Directory>
10 <Directory /location_to_files_of_your_domain/>
11 Options Indexes FollowSymLinks MultiViews
12 AllowOverride All
13 Order allow,deny
14 allow from all
15 </Directory>
16
17 ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
18 <Directory "/usr/lib/cgi-bin">
19 AllowOverride None
20 Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
21 Order allow,deny
22 Allow from all
23 </Directory>
24
25 SSLEngine on
26 SSLCertificateKeyFile /etc/apache2/ssl/domain_com.key
27 SSLCertificateFile /etc/apache2/ssl/doamin_com.crt
28 SSLCertificateChainFile /etc/apache2/ssl/domain_com.ca-bundle
29
30 ErrorLog ${APACHE_LOG_DIR}/domain_ssl.com-error.log
31
32 # Possible values include: debug, info, notice, warn, error, crit,
33
34 LogLevel warn
35
36 CustomLog ${APACHE_LOG_DIR}/domain_ssl.com-access.log combined
37
38 Alias /doc/ "/usr/share/doc/"
39 <Directory "/usr/share/doc/">
40 Options Indexes MultiViews FollowSymLinks
41 AllowOverride None
42 Order deny,allow
43 Deny from all
44 Allow from 127.0.0.0/255.0.0.0 ::1/128
45 </Directory>
46
47 </VirtualHost>
dont save it , we need to make some changes to it
on line number 3,4 change your_domain.com to your website name
like my website name is indishell.in so i will replace your_domain.com with indishell.in
on line 5 and 10 change /location_to_files_of_your_domain to location of your website
like my website files are under directory /data/indishell
so i will replace /location_to_files_of_your_domain with /data/indishell
and line 5 and 10 will be like this
line 5 DocumentRoot /data/indishell
line 10 <Directory /data/indishell/>
and now comes the main part aka ssl certificates defination
26 SSLCertificateKeyFile /etc/apache2/ssl/domain_com.key
27 SSLCertificateFile /etc/apache2/ssl/doamin_com.crt
28 SSLCertificateChainFile /etc/apache2/ssl/domain_com.ca-bundle
line 26 tells the location of our RSA key file location (domain.key file which we generated during csr file generation)
my domain.key file name is indishell.key and it is under directory /etc/apache2/ssl
so line 26 will be
SSLCertificateKeyFile /etc/apache2/ssl/indishell.key
line 27 tells the location of domain certificate file which was sent by ssl vendor to us (domain_com.crt file)
my domain certificate file name is indishell.crt and it is saved in directory /etc/apache2/ssl/
so line 27 will be like this for me
SSLCertificateFile /etc/apache2/ssl/indishell.crt
line 28 is to tell intermediate certificate location
intermediate certificate is the file which has to be provided by ssl certificate vendor and its name will be like domain.ca-bundle
in my case, this file is saved under directory /etc/apache2/ssl and name is indishell.ca-bundle
so line 28 will be like
SSLCertificateChainFile /etc/apache2/ssl/indishell.ca-bundle
now line 30 and 38
both are for logging access and error log for your website
just replace keyword domain to whatever you want , like i am replacing it with indishell
ErrorLog ${APACHE_LOG_DIR}/indishell_ssl.com-error.log
CustomLog ${APACHE_LOG_DIR}/indishell_ssl.com-access.log combined
so error logs of my website will be saved in file indishell_ssl.com-error.log under directory /var/log/apache
and access logs will be saved in file indishell_ssl.com-access.log under directory /var/log/apache2
ok now everything has been setup , just save this file . enter into site available directory using command
cd /etc/apache2/sites-available
execute this command to activate the ssl config file for website
a2ensite name_of_website_ssl_config_file
here name_of_website_ssl_config_file is the name of the ssl config file which we created in above step
mine ssl config file name was indishell.in(mentioned above)
so command for me is
a2ensite indishell.in
now we need to reload apache server , command is
service apache2 reload
and now access your website using https://website.com >:D<
if you want , whenever someone access yourdomain.com, it should redirect to https://yourdomain.com
open your domain vhost file(which is configured for http connection)
we need to add redirection rule , locate these lines in starting of your vhost file
Servername yourdomain.com
ServerAlias www.yourdomain.com
just below these lines , add this line
Redirect / https://yourdomain.com/
here https://yourdomain.com is the link for your https domain name
like in my casemy website is indishell.in and i want to redirect it to https://indishell.in
config in normal vhost file will be
Servername indishell.in
ServerAlias www.indishell.in
Redirect / https://indishell.in/
and done \m/
reload apache server and enjoy the ssl on your website 8-)
Thank you
-==[[Love to]]==--
zero Cool ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,Atul Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Reborn India,L0rd Crus4d3r,AR AR,Mannu, ViKi, Hardeep singh Bhuppi,Mohit, Ffe, Anju, RR Mam, Acchi bacchi(Jagriti) and DON
0 comments