June 5, 2016
Installing a new ssl Certificate on your own Linux Server
I use startssl as they provide an excellent free ssl certificate for private use. You can choose any that you like.
- Register on startssl and start domain validation process
- Once, the domain is validated, e.g., via email, follow these steps to create an ssl CSR (certificate request)
openssl req -newkey rsa:2048 -keyout yourdomainname.key -out yourdomainname.csr
- Note: the key and csr files can be named as you like.
- Unencrypt the yourdomainname.key file using the following command:
openssl rsa -in yourdomainname.key -out yourdomanprivate.key
- Copy the yourdomainprivate.key file to your Apache installation (e.g., /etc/apache2/ssl)
- Start the process of ssl certificate creation on startssl and paste your csr in the box provided.
- Download the generated zip file and unzip to find the Apache (or whatever server your are using) version.
- copy the 1_root_bundle.crt and yourdomainname.crt files to your apache ssl directory (e.g., /etc/apache2/ssl)
- Update the key names in the sites-enabled config file like:
SSLCertificateFile /etc/apache2/ssl/yourdomainname.crt SSLCertificateKeyFile /etc/apache2/ssl/yourdomainprivate.key SSLCertificateChainFile /etc/apache2/ssl/1_root_bundle.crt
- Restart Apache by:
service apache2 restart
- Note: Even when you are renewing with startssl, the process is the same as first time certificate creation.