2014-07-03

Installing SSL certificate website hosted on ubuntu server

Pranaam To all bhai ji _/\_
Today i am going to share, how to implement Third party ssl certificate on website hosted on ubuntu server

Note: we need root user privileges to perform this implementation

lets suppose i have domain indishell.in and i want to get ssl certificate for it
so we need to generate CSR file to get ssl certificate and a private RSA key for our server

you can generate csr and rsa key file on any linux system by executing this command and provide some info during file genration process
command for generating csr and key file is

openssl req -nodes -newkey rsa:2048 -keyout domain_com.key -out domain_com.csr



here you can change domain_com.key to your_domain.key
and domain_com.csr to your_domain.csr
its optional , just for ease of remembering what kind of file it is


note: domain_com.key file is an importent file which we will need during ssl implementation so keep it safe

after generation these files, we need to forward csr file to ssl vendor like comodo
they will give a zip file, unzip the bundle and you will get 2 files having names like this

1.your_domain.ca-bundle
2.your_domain.crt

here
your_domain.ca-bundle is intermediate file
and
your_domain.crt is certificate file for domain

we need domain_com.key file too which we generated during csr generation

ok , lets start ;)
login to server with root access
enter into directory /etc/apache2/ssl/ (create a directory if not present)
cd  /etc/apache2/ssl/
copy all the files to this directory (use scp command to copy files from your machine to server or just create files on server with the same name , open files on your machine ,copy content and paste it to file on server )

ok now we need to configure vhost file for website
enter into /etc/apache2/sites-available/
create a file with any name like your_domain.com, i am creating with name indishell.in
and paste this code to the file

1   <VirtualHost *:443>
2    ServerAdmin webmaster@localhost
3       Servername  your_domain.com
4       ServerAlias  www.your_domain.com
5        DocumentRoot /location_to_files_of_your_domain
6   <Directory />
7  Options FollowSymLinks
8  AllowOverride None
9   </Directory>
10   <Directory /location_to_files_of_your_domain/>
11  Options Indexes FollowSymLinks MultiViews
12  AllowOverride All
13  Order allow,deny
14    allow from all
15   </Directory>
16
17     ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
18   <Directory "/usr/lib/cgi-bin">
19   AllowOverride None
20   Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
21   Order allow,deny
22   Allow from all
23   </Directory>
24
25    SSLEngine on
26    SSLCertificateKeyFile    /etc/apache2/ssl/domain_com.key
27      SSLCertificateFile       /etc/apache2/ssl/doamin_com.crt
28      SSLCertificateChainFile  /etc/apache2/ssl/domain_com.ca-bundle
29
30    ErrorLog ${APACHE_LOG_DIR}/domain_ssl.com-error.log
31
32    # Possible values include: debug, info, notice, warn, error, crit,
33
34    LogLevel warn
35
36    CustomLog ${APACHE_LOG_DIR}/domain_ssl.com-access.log combined
37
38        Alias /doc/ "/usr/share/doc/"
39      <Directory "/usr/share/doc/">
40         Options Indexes MultiViews FollowSymLinks
41         AllowOverride None
42        Order deny,allow
43        Deny from all
44        Allow from 127.0.0.0/255.0.0.0 ::1/128
45      </Directory>
46
47   </VirtualHost>

dont save it , we need to make some changes to it
on line number 3,4 change your_domain.com to your website name
like my website name is indishell.in so i will replace your_domain.com with indishell.in

on line 5 and 10  change /location_to_files_of_your_domain to location of your website
like my website files are under directory /data/indishell
so i will replace /location_to_files_of_your_domain with /data/indishell
and line 5 and 10 will be like this

line 5 DocumentRoot /data/indishell
line 10 <Directory /data/indishell/>

and now comes the main part aka ssl certificates defination
26    SSLCertificateKeyFile    /etc/apache2/ssl/domain_com.key
27      SSLCertificateFile       /etc/apache2/ssl/doamin_com.crt
28      SSLCertificateChainFile  /etc/apache2/ssl/domain_com.ca-bundle

line 26 tells the location of our RSA key file location (domain.key file which we generated during csr file generation)
my domain.key file name is indishell.key and it is under directory /etc/apache2/ssl
so line 26 will be
SSLCertificateKeyFile    /etc/apache2/ssl/indishell.key

line 27 tells the  location of domain certificate file which was sent by ssl vendor to us (domain_com.crt file)
my domain certificate file name is indishell.crt and it is saved in directory /etc/apache2/ssl/
so line 27 will be like this for me
SSLCertificateFile       /etc/apache2/ssl/indishell.crt

line 28 is to tell intermediate certificate location
intermediate certificate is the file which has to be provided by ssl certificate vendor and its name will be like domain.ca-bundle
in my case, this file is saved under directory /etc/apache2/ssl and name is indishell.ca-bundle
so line 28 will be like
 SSLCertificateChainFile  /etc/apache2/ssl/indishell.ca-bundle

 now line 30 and 38
 both are for logging access and error log for your website
 just replace keyword domain to whatever you want , like i am replacing it with indishell

 ErrorLog ${APACHE_LOG_DIR}/indishell_ssl.com-error.log
 CustomLog ${APACHE_LOG_DIR}/indishell_ssl.com-access.log combined

 so error logs of my website will be saved in file  indishell_ssl.com-error.log  under directory /var/log/apache
 and access logs will be saved in file indishell_ssl.com-access.log under directory /var/log/apache2

 ok now everything has been setup , just save this file . enter into site available directory using command
 cd /etc/apache2/sites-available
 execute this command to activate the ssl config file for website

 a2ensite name_of_website_ssl_config_file
 here   name_of_website_ssl_config_file  is the name of the ssl config file which we created in above step
 mine ssl config file name was indishell.in(mentioned above)
 so command for me is
 a2ensite indishell.in

 now we need to reload apache server , command is
 service apache2 reload

 and now access your website using https://website.com >:D<

 if you want , whenever someone access yourdomain.com, it should redirect to https://yourdomain.com
 open your domain vhost file(which is configured for http connection)
 we need to add redirection rule , locate these lines in starting of your vhost file
  Servername  yourdomain.com
  ServerAlias  www.yourdomain.com
 just below these lines , add this line
 Redirect / https://yourdomain.com/

 here https://yourdomain.com is the link for your https domain name
 like in my casemy website is indishell.in and i want to redirect it to https://indishell.in
 config in normal vhost file will be

     Servername  indishell.in
     ServerAlias  www.indishell.in
      Redirect / https://indishell.in/
     
and done \m/
reload apache server and enjoy the ssl on your website 8-)
Thank you
   
-==[[Love to]]==--
zero Cool ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba ,Silent poison India,Magnum sniper,Atul  Dwivedi,ethicalnoob Indishell,Local root indishell,Irfninja indishell,Reborn India,L0rd Crus4d3r,AR AR,Mannu, ViKi, Hardeep singh Bhuppi,Mohit, Ffe, Anju, RR Mam, Acchi bacchi(Jagriti) and DON
     

Share this post
© 2009 Start With Linux | Mannu Linux
Designed by cyb3r.gladiat0r
Posts RSSComments RSS
Back to top