Regardless of the kind of server you use (Apache HTTP Server, Tomcat or IIS), this simple guide to SSL Certificate installation will give you the overall idea of how the SSL Certificate is issued and installed and will help you in understanding the steps and troubleshoot the problems that you may be facing.
What You need
You need three files to successfully install SSL Certificate on your domain.
SSLCertificateFile - This should point to your server certificate which you get when you get a certificate issued from SSL provider.
SSLCertificateKeyFile - This should point to your server's private key that you generate using openssl command in Apache
SSLCertificateChainFile - This should point to the intermediate certificate provided by your SSL provider which connect to their ROOT CA.
Step 1. Create a CSR (Certificate Signing Request) using openSSL in Apache
In order to receive SSLCertificateFile (also known as the public key) from your SSL provider, you need to generate something called a CSR from your server. You generate that by running a simple command on your server.
This step will create a Public Key (CSR) and a corresponding Private key. This Request file is created using one simple openssl command on your Apache server, and the command created this request file and a private key.
The CSR file that gets generated is Base64 encoded which looks like this
Navigate to the folder in which you wish to keep the SSL files and run this command.
openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key
This command will generate two files
CSR.csr - The CSR file used to get the Certificate from your SSL provider
privateKey.key - The private key corresponding to your public key which is kept on your Server.
Each of these files should be viewable in a texteditor like notepad. Open the two files in a texteditor and make sure there are no empty spaces and the files have the following headers.
-----BEGIN PRIVATE KEY-----
-----END PRIVATE KEY-----
Open the Private key in text editor and make sure it is not Encrypted or else the apache would not be able to read the private ke
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
Step 2. Get the SSLCertificate file
Copy the CSR contents and provide them to your SSL provider. They will send you an SSLCertificate (again a base64 encoded text) through email/their dashboard.
If you are copying the SSLCertificate from your SSL providers dashboard, look for an option to copy the Certificate in PEM format.
Save the contents of the SSLCertificate file in a text editor as .crt
Now you have the second file that is needed to set up your SSL Installation.
The SSLCertificate headers look like this
Step 3. Get the Intermediate Certificate in TXT
Based on your type of SSL Certificate (OV, DomainSSL etc), you will have an intermediate certificate file provided for your type of SSL by your SSL provider.
For example, this is the file provided by GlobalSign for DomainSSL
Copy the Base64 Encoded text and save it as intermediate.crt.
If you open this file in a text editor, it should open well in Base64 format.
Step 4. Bind the Files in Apache
Now you give the path to your apache ssl.conf file to look for the three files.
Depending on your Apache/Tomcat distribution and your OS, your SSL configuration settings could be a standalone file in the /var/httpd/ssl.conf or it may be a part of your apache config file itself.
ServerName example.com or www.example.com
Step 5. Give access to your root system
You have new files created and these files may have the wrong ownership and access. Make sure your root system is the owner and can access these files without any denial of permissions.
sudo chown root /path/to/sslcertificate.crt
sudo chown root /path/to/privateKey.key
sudo chown root intermediate.crt
Step 6. Restart your Server
If you have gone through all the steps correctly, you shouldn’t face any issues once you restart your apache server.
Once you restart successfully, head to your website and give it some time. In a matter of few minutes, you should see your new certificate installed on your server perfectly.
Table of contents