...

How to install SSL on a Linux server

gorilla-chimp

This little tutorial is describing how to install a secure server certificate ( SSL ) on your Linux server using shell comands Here’s what to do

First the site needs a dedicated IP and if does not have one you must assign one.

Your certs are located in /usr/share/ssl/certs

You need to copy your .crt and your cabundle there.

If your SSL provider gave you these files then just rename them as follows:

my_domain_name.crt
my_domain_name.cabunldle

Where my_domain_name is the websites domain name – mydomain.com

In /usr/share/ssl/private/ you should have a .key file named as my_doamin_name.key
Where my_domain_name is the domain name of the website
You don’t need to touch the key file you just need to make sure it’s there.

These files need to be in ASCII form so if you can’t read them in notepad then you need to convert them.

If you didn’t get them as files then just create the files in a text editor either on your PC or on the server using vi or pico.

Next step is to modify httpd.conf which is located in /usr/local/apache/conf

Be careful here – a wrong entry will cause http to not work.
Make a backup of this file in case you have a problem.

Edit the file and add this:

ServerAdmin my_contact_email
DocumentRoot /usr/local/apache/htdocs
BytesLog domlogs/my_domain_name-bytes_log
ServerName my_domain_name
CustomLog /usr/local/apache/domlogs/my_domain_name-ssl_log “%t %{version}c %{cipher}c %{clientcert}c”
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/my_domain_name.crt
SSLCertificateKeyFile /usr/share/ssl/private/my_domain_name.key
SSLCACertificateFile /usr/share/ssl/certs/my_domain_name.cabundle
SSLLogFile /var/log/my_domain_name

#UserDir public_html

SetEnvIf User-Agent “.*MSIE.*” nokeepalive ssl-unclean-shutdown
The CA bundle is your CA file
The cert is your CRT file
The Key was created by Cpanel and is there already – use the name of it or rename it if you wish so it matches what’s in the httpd.conf file.

Place your website IP in place of my_ip
Place your domain name in place of my_domain_name
Place your contact email in place of my_contact_email

That’s it

Discover more from WIREDGORILLA

Subscribe now to keep reading and get access to the full archive.

Continue reading