How to install ssl certificate linux

⭐️Tutorial: Installing SSL Certificates on Linux Server

Weian Fan (Adam)🧙🏼‍♂️

Mar 2, 2019 · 3 min read

Hi everyone! This tutorial is for those individuals or small businesses who want to secure data tran s mission between client and their web server. In other words, SSL provides a proof to customers that your website is not harmful and all sensitive data such credit cards infomation will be protected during data transmistion, which is also known as HTTPS. However, you can skip this tutorial if you have used some big web hosting company such as Godaddy to do all the work for you. If you have a dedicated server or a cloud-based server such as AWS EC2, let’s begin building up SSL on your server.

Simply speaking, I assume you have these background:

Linux basics + Apache (Web Server) basics. !That’s all!

Step 1. Go to godaddy.com and purchase the SSL certificates.

Step 2. Login your Account and you should see your ssl certificates. Then click Mange.

Step 3. You need to generate CSR (Certificate Signing Request) by typing the commands below in the terminal, then you should fill in some necessary info. such as country code, email address, etc. More info please refer to this link.

Step 4. If everything went good by now, you expect to see the output file yourdomain.key in /etc/apache2/godaddy/. You need to open this file and copy the entire content and paste to CSR in your godday portal. Click Next.

Step 5. Verify my certificate request, this is nothing but to prove that you are the owner of the website. Godaddy gives you options to verify. The one I used is HTML page verification because I have a dedicated server and not email associated with domain name. By now, you should have received a email that contains special code, so you can add this to the specific directory. Create a directory named “/.well-known/pki-validation/”

Copy the special code first, then open vim editor and paste it into the godaddy.html. Vim Editor Trick: Press i then p. Pressing i allows you to enter insert mode, p will paste the code. Then press ESC key to esacpe to normal mode, Last step is HOLD shift and press z twice. Then your file should be saved. Now please go to the link http://yourdomain .com/.well-known/pki-validation/godaddy.html. You should see the code in the browser.

Step 6. Congratulations! You should receive a confirmation email saying that you have successfully verified ownership of the domain. Log back into godday console.

Step 7. Choose Apache server and Download SSL certificate files. Unzip this file, you should have two .crt files inside.

Step 8. FTP these two files to /etc/apache2/godaddy. I used FileZilla. Make sure you have write permission to the file of godaddy. Expected three files including two .crt and one .key file inside of godaddy. Result as following.

Step 9. Modify ssl configuration file.

Step 10. Restart Apache Web Server and you have finished!

Congraulations! You have successfully installed SSL certificates in web server. Your clients will be able to visit your website securely and have no security warning prompts from google chrome!

Note: if you fail to restart Apache server, you could open apache error.log file to see what is happening.

Hope you enjoy my first tech contribution! 💙

Also enjoy this cat by Erik-Jan Leusink.

Weian Fan (Adam)🧙🏼‍♂️

Cloud computing | Currently in D.C Area.[Any article starts with star is a feature article]

Источник

How to Install an SSL Certificate on Linux Server

With Security being the top most priority in the e-commerce world, the importance of SSL Certificates has skyrocketed. Installing an SSL Certificate on an online portal has become the basic foundation of a company’s business structure.

But the question is ‘How to install an SSL Certificate on a server?’

It is not necessary that everyone who is into e-commerce has a technical background. E-commerce is all about business and the owners are mostly businessmen. So also the core team of an e-commerce industry is not fully technical. In such a situation it becomes very difficult for people with minimal technical knowledge to grasp concepts even as basic like SSL Certificates or its installation for that matter.

This article aims at giving a sneak peek into the process of installing an SSL Certificate on Linux server in lay man’s words. This would help the non-technical people also to get a grasp of what it is all about. Of course, every e-commerce company has a core technical team, so they can easily take over from here. But it is always good to have a know-how of the process.

The installation of SSL Certificates on a Linux server is very easy. It can be done using a Plesk control panel and also without it.

What is Plesk?

It is a web hosting platform that has a very simple configuration. This simple configuration helps all web hosting providers to manage a lot of virtual hosts easily and on a single server. Ever since its conception, Plesk has been coming up as a preferred choice for all the web hosting companies.

How to install an SSL certificate on a Linux Server that has Plesk?

1. First Log into the control panel of Plesk.

2. Then, Select Domain;

3. The third step implies choosing the domain to be updated.

4. In the next step click on the ‘Add New Certificate’ icon.

5. Save the certificate name in the ‘Certificate Name’ box.

One would have the certificate and key files saved on the local computer. These certificate and key files are provided by the certificate authority and are important for the installation.

6. The next step is to find these files. Open these in a Notepad or in other similar text formats from where one can copy the text.

7. Copy the entire text of the files.

8. Paste them in the correct boxes. Reading through the content and the box name in Plesk will give one an idea where to paste it.

9. Next, click on the ‘Send Text’ button.

10. Go to the ‘Hosting Section’. It is on the domain screen.

11. Click ‘Set-up’ from this section. A drop down list will follow.

12. The next step is to click on the ‘new certificate’ from the drop down list.

13. Click ‘Ok’ to finish.

How to install SSL Certificate on Linux servers that do not have Plesk.

1. The first and foremost step is to upload the certificate and important key files. One can upload the files to the server using – S/FTP.

2. Login to Server. It is important to log in via SSH. Logging in via SSH will help the user to become the root user.

3. Give Root Password.

4. One can see /etc/httpd/conf/ssl.crt in the following step. Move the certificate file here

5. Next move key file also to /etc/httpd/conf/ssl.crt

It is important to ensure the security of the files that has been moved. One can keep the files secure by restricting permission. Using ‘chmod 0400’ will help users to securely restrict permission to the key.

6. Next Go to etc/httpd/conf.d/ssl.conf. Here the user will find Virtual Host Configuration set up for the domain.

7. Edit Virtual Host Configuration.

8. Restart Apache.

The technicality of installing an SSL certificate may baffle many non-technical people, but once one gets a hang of it, it becomes easy.

Источник

Certificate Services Support

Purpose: SSL/TLS certificate installation guide
For Apache Server (on Linux)

Need help generating a Certificate Signing Request (CSR) with this server?

If you are an ECS Enterprise account user, you may use the ACME Services for Entrust tool to auto-create the CSR. Otherwise, please use our Open SSL CSR command builder.

After you have obtained the command to use to create the CSR from the command builder, open your terminal and paste the command. A CSR and private key will be created.

Before you begin.

• Make sure you back up your Apache configuration files before making any changes. If you are replacing an existing certificate, do not delete the existing certificate or private key files in case you need to revert your previous configuration.
• Never share private keys files.
• If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
• It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
• Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
• For more information on SSL/TLS Best Practices, click here.

Special notes for installation on Linux OS:

• You must be able to sudo as root or have root access to the server in order to perform the commands below. Not being able to do so or having such access will lead to a permissions denied error. In this article, we will use the sudo command. If you are able to log in as root, disregard the «sudo» portion of the commands listed in this article.
• You must have ssl turned on for your Apache server and you must have the site for which you are going to be installing the certificate enabled.

The installation is in four parts
1) Copy the certificate files to your server
2) Configure the Apache server to point to certificate files
3) Test the configuration was successful
4) Restart the Apache server

1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that contains the following files:

• ServerCertificate.crt: Your signed SSL/TLS certificate
• ChainBundle2.crt: The Entrust Certificate chain files

2. Once the files have been extracted from the zip file, copy the files into a directory where you will store your certificate files on your server. Make sure you include your private key file that was generated when your created your CSR, as this will be required to configure SSL/TLS on your Apache server.

1. Open your Apache server configuration file and locate the virtual host entry for the website that will use the certificate. The location of the configuration file may vary depending on the Apache distribution and server Operating System. Look for the following directories and files on your server:

• etc/httpd/conf/httpd.conf
• etc/apache2/apache2.conf
• httpd-ssl.conf
• ssl.conf

2. In the «Virtual Host» section, add the directives shown in bold below if they are not already included in the configuration file. If these directives are already included, simply modify the file so that each directive is pointing to the new server certificate, certificate chain, and private key files.

DocumentRoot /var/www/html2
ServerName testcertificates.com
SSLEngine ON
SSLCertificateFile /etc/apache/ssl.crt/ServerCertificate.crt
SSLCertificateKeyFile /etc/apache/key.crt/yoursite.key
SSLCertificateChainFile /etc/apache/ssl.crt/ChainBundle2.crt

Where:
SSLCertificate file is your Server Certificate file (ServerCertificate.crt)
SSLCertificateChainFile is the Chain bundle file (ChainBundle2.crt)
SSLCertificateKeyFile is your server’s private key that was generated previously

Test your Apache config with the following command:
sudo apachectl configtest

Restart your Apache server by running the following command:
sudo apachectl restart

Your SSL/TLS Certificate should now be installed. If you have any questions or concerns please contact the Entrust Certificate Services support department for further assistance.

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra «1» before the «800» or your call will not be accepted as an UITF toll free call.

Источник

How to Install SSL Certificate in RedHat Linux Server – 3 Easy Steps

Steps to Install SSL Certificate in RedHat Linux Web Server

Initial Checklist

Before Installing SSL Certificate please ensure the following processes have been completed

• Buy/renew SSL Certificate
• Generate CSR with SHA-2 algorithm
• Save the CSR & Private key file on your server
• Apply for SSL Certificate Issuance
• Submit SSL Certificate issuance documents as per CA’s requirement (Only for Extended & Organization Validation)
• First, download and extract all certificate files, then install intermediate CA certificate and then Install Certificate file.

Step 1: Download & Extract Certificate files

Step 2: Installation of Intermediate CA certificate

• Open the intermediate certificate file using any text editor; copy all the encrypted data into a new file and save the new file with crt name.

Note: you can give any name to intermediate certificate file, but the extension of this file must be .crt.

• Copy this file in to /etc/httpd/conf/ssl.crt/intermediatecert.crt
• Open your CNF file using any text editor via etc/httpd/conf/httpd.conf location.
• Now using virtual host tag add following directive

• Your Intermediate Certificate is now installed.

Step 3: Install SSL Certificate File

• Open you certificate file with text editor and save it with new name as server-cert.crt
• Save your certificate file at following location /etc/httpd/conf/ssl.crt/server-cert.crt
• Following the same way add your server.key file at /etc/ httpd /conf/ssl.key/server.key

Now in your httpd.cnf file, using virtual host tag add following directives.

• Save your httpd.cnf file
• Restart your RedHat web server.

Finally SSL certificate is now installed on RedHat Linux Server.

Источник