Create an SSL certificate and install SSL on a Linux server

What Is SSL?

SSL (Secure Sockets Layer) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser or a mail server.

SSL allows sensitive information such as credit card numbers, social security numbers, and login credentials to be transmitted securely. Normally, data sent between browsers and web servers is sent in plain text—leaving you vulnerable to eavesdropping. If an attacker is able to intercept all data being sent between a browser and a web server, they can see and use that information.

Steps to create and install an SSL certificate on a Linux Apache server.

Step 1: Use the following command to create the SSL KEY and CSR files

# openssl req -new -newkey rsa:2048 -nodes -keyout DOMAIN_NAME.key -out DOMAIN_NAME.csr

Step 2: The server will ask you to fill in the following information

Country Name (2 letter code) [GB]: XX
State or Province Name (full name) [Berkshire]: XXX
Locality Name (eg, city) [Newbury]: XXX
Organization Name (eg, company) [My Company Ltd]: XXX
Organizational Unit Name (eg, section) []: XXX
Common Name (eg, your name or your server's hostname) []: DOMAIN_NAME
Email Address []: XXX

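Step 3: Submit the CSR

After you submit all the information, the server will create 2 files: a CSR file and a KEY file. Copy the content of the .CSR file and submit it to your SSL certificate provider to generate the certificate. The .KEY file is the private key: it stays on the server and is not sent to the provider.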

Step 4: Download and upload the SSL certificate

Download the SSL certificate for Apache server from the service provider and upload it to your Linux server. There will be 2 .CRT files (the certificate and the chain file).

Step 5: Change the SSL settings on the server

Now open the SSL.CONF file on the server; if it does not exist, install MOD_SSL on the server. Add the following code to the SSL.CONF file for your virtual host.

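 # *:443 assumes the virtual host listens on all addresses; adjust as needed
 <VirtualHost *:443>
     ServerAdmin ADMIN_EMAIL
     DocumentRoot DOMAIN_DOC_ROOT
     ServerName DOMAIN_NAME
     ErrorLog ERROR_LOG_FOLDER_PATH
     # CustomLog needs a log format; "combined" is defined in the default httpd.conf
     CustomLog CUSTOM_LOG_FOLDER_PATH combined
     SSLEngine on
     # Certificate file which you received from the certificate provider
     SSLCertificateFile CERTIFICATE_FILE_PATH
     # Key file which you have created on the server
     SSLCertificateKeyFile CERTIFICATE_KEY_FILE_PATH
     # Chain file which you received from the certificate provider
     SSLCertificateChainFile CERTIFICATE_CHAIN_FILE_PATH
 </VirtualHost>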

Make sure port 443 is open on the server.
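
A check worth running between Step 4 and Step 5: if the uploaded certificate does not belong to the key created in Step 1, Apache will refuse to load the pair. The script below is an added example, not part of the original steps; it compares the public key inside the key, CSR and certificate. The file names site.key, site.csr, site.crt and other.key and the subject example.test are constructed placeholders, and the self-signed certificate only stands in for the one a provider would issue.

```shell
#!/bin/sh
# Added example (not from the original page): confirm that the private key,
# the CSR and the issued certificate share one public key before editing ssl.conf.

# Print the public key (PEM) held in a key, CSR or certificate file.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# Usage: ssl_files_match KEY CSR CERT
# Returns 0 only if all three files parse and carry the same public key.
ssl_files_match() {
    k=$(pubkey_pem key  "$1") || return 1
    r=$(pubkey_pem csr  "$2") || return 1
    c=$(pubkey_pem cert "$3") || return 1
    [ -n "$k" ] && [ "$k" = "$r" ] && [ "$k" = "$c" ]
}

# Build constructed sample files in directory $1 (names are placeholders).
make_sample_files() {
    # Step 1 of the page, made non-interactive with a constructed subject.
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=example.test" \
        -keyout "$1/site.key" -out "$1/site.csr" 2>/dev/null || return 1
    # Stand-in for the certificate provider: self-sign the CSR for one day.
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" -days 1 \
        -out "$1/site.crt" 2>/dev/null || return 1
    # An unrelated key, simulating the wrong .key file being uploaded.
    openssl genrsa -out "$1/other.key" 2048 2>/dev/null
}

if [ "$#" -eq 3 ]; then
    # Real use: sh check.sh DOMAIN_NAME.key DOMAIN_NAME.csr DOMAIN_NAME.crt
    ssl_files_match "$1" "$2" "$3" || { echo "MISMATCH" >&2; exit 1; }
    echo "key, CSR and certificate match"
else
    d=$(mktemp -d) && make_sample_files "$d"
    ssl_files_match "$d/site.key" "$d/site.csr" "$d/site.crt" && echo "matching set: OK"
    ssl_files_match "$d/other.key" "$d/site.csr" "$d/site.crt" || echo "wrong key: mismatch detected"
    rm -rf "$d"
fi
```

Run with no arguments it exercises the constructed files; run with three paths it checks your own key, CSR and certificate and exits non-zero on a mismatch.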