
How to install SSL on a Linux server

These examples are based on an Amazon EC2 Linux server. We are also using an SSL certificate we got from Network Solutions.


Step 1 - Install SSL on the server

sudo yum install -y mod_ssl


Step 2 - Generate a Certificate Signing Request on your web server


a) Log in to the server with PuTTY

b)  Issue this command:

sudo openssl req -new -key /etc/pki/tls/private/localhost.key -out domainname.pem

NOTE: the localhost.key file was generated when you installed mod_ssl in Step 1. There are steps to create a custom key file if you want.


c)  It will ask you questions

d)  The file gets created in the root directory.   Type this command to see it:   "dir"

e) To open it, type "sudo nano domainname.pem".   

The request will come up.  Highlight the data and copy it to Notepad on your computer.

f)  Submit the request to your SSL provider


Step 3 - Upload files

3a) With Network Solutions, you have to upload two files:

dv_chain.txt
domainname.com.crt


3b) Cert files have to be located in: /etc/pki/tls/certs/

3c) You won't have permission to put files directly in this directory. So you have to upload the files to a directory you do have access to, then log in to the server with PuTTY and move the files.

"sudo mv /var/www/html/dv_chain.txt /etc/pki/tls/certs"


Step 4 - Edit the key Apache SSL config file

/etc/httpd/conf.d/ssl.conf

so "sudo nano /etc/httpd/conf.d/ssl.conf"

YOU HAVE TO EDIT:


# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName www.yourdomainname.com:443
# ServerAlias takes host names only, without a port
ServerAlias yourdomainname.com


#   Server Private Key:
#   If the key is not combined with the certificate, use this
#   directive to point at the key file.  Keep in mind that if
#   you've both a RSA and a DSA private key you can configure
#   both in parallel (to also allow the use of DSA ciphers, etc.)
#   This must be the same key the CSR in Step 2 was generated from
#   (Step 2 used /etc/pki/tls/private/localhost.key).
SSLCertificateKeyFile /etc/pki/tls/certs/yourkeyfile.key


#   Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate.  If
# the certificate is encrypted, then you will be prompted for a
# pass phrase.  Note that a kill -HUP will prompt again.  A new
# certificate can be generated using the genkey(1) command.
SSLCertificateFile /etc/pki/tls/certs/yourdomainname.com.crt


#   Certificate Authority (CA):
#   Set the CA certificate verification path where to find CA
#   certificates for client authentication or alternatively one
#   huge file containing all of them (file must be PEM encoded)
SSLCACertificateFile /etc/pki/tls/certs/dv_chain.txt


Step 5 - Restart Apache

sudo service httpd restart


Step 6 - If you have problems, look at the main Apache config file

a) sudo nano /etc/httpd/conf/httpd.conf

b) Make a change and save

c) Restart the service: sudo service httpd restart
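
Before the restart in Step 5, it is worth confirming that the private key, the CSR from Step 2 and the issued certificate all carry the same public key, and that the certificate verifies against the chain file. The script below is an added example, not part of the original page; the function names and the throwaway demo files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: check that key, CSR and certificate belong together
# before pointing ssl.conf at them. All demo files below are constructed.

# Print the public key (PEM) embedded in a private key, CSR or certificate.
pubkey_of() {  # usage: pubkey_of key|csr|cert FILE
    case "$1" in
        key)  openssl pkey -in "$2" -pubout 2>/dev/null ;;
        csr)  openssl req  -in "$2" -noout -pubkey 2>/dev/null ;;
        cert) openssl x509 -in "$2" -noout -pubkey 2>/dev/null ;;
        *)    return 2 ;;
    esac
}

# Succeed only if both files carry the same, non-empty public key.
same_keypair() {  # usage: same_keypair TYPE1 FILE1 TYPE2 FILE2
    a=$(pubkey_of "$1" "$2") || return 1
    b=$(pubkey_of "$3" "$4") || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# Succeed only if CERT verifies against the CA bundle (e.g. dv_chain.txt).
chain_ok() {  # usage: chain_ok CHAIN CERT
    openssl verify -CAfile "$1" "$2" 2>/dev/null | grep -q ': OK$'
}

# --- Constructed demo: throwaway keys and a self-signed cert in a temp dir ---
demo=$(mktemp -d) && trap 'rm -rf "$demo"' EXIT
openssl genrsa -out "$demo/site.key" 2048 2>/dev/null
openssl genrsa -out "$demo/other.key" 2048 2>/dev/null
openssl req -new -key "$demo/site.key" -subj "/CN=www.example.test" \
    -out "$demo/site.csr"
openssl x509 -req -in "$demo/site.csr" -signkey "$demo/site.key" -days 1 \
    -out "$demo/site.crt" 2>/dev/null

same_keypair key "$demo/site.key"  csr  "$demo/site.csr" && echo "key/CSR match"
same_keypair key "$demo/site.key"  cert "$demo/site.crt" && echo "key/cert match"
same_keypair key "$demo/other.key" cert "$demo/site.crt" || echo "wrong key detected"
chain_ok "$demo/site.crt" "$demo/site.crt" && echo "chain verifies"
```

On the server, run the same functions with sudo against the files named in ssl.conf, for example the key from Step 2 and the domainname.com.crt and dv_chain.txt files from Step 3. A mismatch here is the usual reason Apache refuses to start after the restart.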




