Summer Nights

A blog on embedded and real-time systems as well as on general computing issues

Installing a new ssl Certificate on your own Linux Server

I use startssl as they provide an excellent free ssl certificate for private use. You can choose any that you like.

  • Register on startssl and start domain validation process
  • Once, the domain is validated, e.g., via email, follow these steps to create an ssl CSR (certificate request)
    openssl req -newkey rsa:2048 -keyout yourdomainname.key -out yourdomainname.csr
  • Note: the key and csr files can be named as you like.
  • Unencrypt the yourdomainname.key file using the following command:
    openssl rsa -in yourdomainname.key -out yourdomanprivate.key
  • Copy the yourdomainprivate.key file to your Apache installation (e.g., /etc/apache2/ssl)
  • Start the process of ssl certificate creation on startssl and paste your csr in the box provided.
  • Download the generated zip file and unzip to find the Apache (or whatever server your are using) version.
  • copy the 1_root_bundle.crt and yourdomainname.crt files to your apache ssl directory (e.g., /etc/apache2/ssl)
  • Update the key names in the sites-enabled config file like:
    SSLCertificateFile /etc/apache2/ssl/yourdomainname.crt                           
    SSLCertificateKeyFile /etc/apache2/ssl/yourdomainprivate.key                        
    SSLCertificateChainFile /etc/apache2/ssl/1_root_bundle.crt
  • Restart Apache by:
    service apache2 restart
  • Note: Even when you are renewing with startssl, the process is the same as first time certificate creation.

Leave a Reply

Your email address will not be published. Required fields are marked *