What Is SSL?
SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser or a mail server.
SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server they can see and use that information.
Steps to create and install SSL certificate on linux Apache server.
Step 1: Use following commands to create SSL KEY and CSR file
# openssl req -new -newkey rsa:2048 -nodes -keyout DOMAIN_NAME.key -out DOMAIN_NAME.csr
Step 2: Server will ask you to fill up following information
Country Name (2 letter code) [GB]: XX State or Province Name (full name) [Berkshire]: XXX Locality Name (eg, city) [Newbury]: XXX Organization Name (eg, company) [My Company Ltd]: XXX Organizational Unit Name (eg, section) : XXX Common Name (eg, your name or your server's hostname) : DOMAIN_NAME Email Address : XXX
Step 3: Submit CSR certificate
After submitting all information, server will create 2 CSR and KEY files. Copy content from .CSR file and submit it to SSL certificate provider to generate certificate.
Step 4: Download and upload SSL certificate
Download SSL certificate from service provider for Apache server and upload it on your linux server. There will be 2 .CRT (certificate and chain file) files.
Step 5: Change SSL setting on server
Now open SSL.CONF file on server, if its not exits install MOD_SSL on server. Add following code in SSL.CONF file for your virtual host.
ServerAdmin ADMIN_EMAIL DocumentRoot DOMAIN_DOC_ROOT ServerName DOMAIN_NAME ErrorLog ERROR_LOG_FOLDER_PATH CustomLog CUSTOM_LOG_FOLDER_PATH SSLEngine on SSLCertificateFile CERTIFICATE_FILE_PATH [WHICH YOU RECEIVED FROM CERTIFICATE PROVIDER] SSLCertificateKeyFile CERTIFICATE_KEY_FILE_PATH [WHICH YOU HAVE CREATED ON SERVER] SSLCertificateChainFile CERTIFICATE_CHAIN_FILE_PATH [WHICH YOU RECEIVED FROM CERTIFICATE PROVIDER]
Make sure port 443 is open on server.