How to Generate CSR and Install SSL in Apache 2.4

This article covers:

  1. How to generate a CSR (certificate signing request), which is required before you purchase an SSL certificate.
  2. How to install SSL in a shared hosting environment
  3. How to redirect http to https

The server environment:

  1. Apache 2.4, Ubuntu 18.04
  2. Certificate purchased from RapidSSL Online and issued by GeoTrust.
  3. Website platform can be either WordPress or Magento

Step 1 Generate private key and CSR

First we need to generate a server key for the CSR and the SSL certificate; we recommend using an encrypted key. However, please keep in mind that if you use an encrypted key, Apache will prompt you for the passphrase you used for encryption each time you restart it. This might cause issues in a multi-user environment unless you share the keys with all SSH users. Since we’re installing SSL in a shared hosting environment, we prefer to keep things organised, so all certificate-related files are stored in
/etc/ssl/your_website_name
The command to generate the key is:
sudo openssl genrsa -des3 -out www.your_domain_name.com.key 2048
Type in the passphrase, then keep it safe. If you haven’t heard of it, Passpack is one of the best password solutions. The command you need to generate your CSR is:
sudo openssl req -new -key www.your_domain_name.com.key -out www.your_domain_name.com.csr
Then follow the prompts to fill in the business information of your website. In case you are wondering, the common name is the same as the domain name.

Step 2 Purchase and save certificate files

If your SSL issuer is GeoTrust, make sure you choose file-based validation as the domain validation method, because email validation requires you to have a domain email address, which is not as convenient. Make sure you create the validation file and put it in the folder GeoTrust suggests. If everything goes to plan and you’re only purchasing a basic SSL certificate, you should receive your certificates within a couple of minutes of completing the CSR process. There will be two files: the server certificate and the intermediate certificate, which is also called the chain file in Apache2. Once again, the folder should be the same as mentioned above, and we prefer to name them as below:
cd /etc/ssl/your_website_name

sudo pico www.your_website_name.com.au.cert

sudo pico www.your_website_name.com.au.chain.cert
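
Before pointing Apache at these files, you can confirm that the certificate you received belongs to the key and CSR from Step 1, since Apache refuses to start when they do not match. The script below is an added example, not part of the original article; KEY_PASS, the function names and the site.* sample files are assumptions, and the sample key is encrypted with -aes256 rather than -des3.

```shell
#!/bin/sh
# Added example (not from the article): confirm that the private key, the CSR
# and the issued certificate all carry the same public key.

# Print the public key (PEM) held in a key, CSR or certificate file.
# KEY_PASS is an assumed variable name holding the passphrase of an encrypted key.
pubkey_pem() {
    case "$1" in
        key)  openssl pkey -in "$2" -pubout ${KEY_PASS:+-passin env:KEY_PASS} ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        *)    return 2 ;;
    esac 2>/dev/null
}

# files_match KEY CSR CERT -> 0 same key pair, 1 mismatch, 2 unreadable input.
# The body runs in a subshell so its variables stay private.
files_match() (
    k=$(pubkey_pem key  "$1") || { echo "cannot read key: $1" >&2; return 2; }
    s=$(pubkey_pem csr  "$2") || { echo "cannot read CSR: $2" >&2; return 2; }
    c=$(pubkey_pem cert "$3") || { echo "cannot read certificate: $3" >&2; return 2; }
    [ "$k" = "$s" ] || { echo "CSR was not generated from this key" >&2; return 1; }
    [ "$k" = "$c" ] || { echo "certificate does not match this key" >&2; return 1; }
)

# Constructed sample data for trying the check offline: an encrypted key, its
# CSR, and a self-signed certificate standing in for the one the CA issues.
make_sample() {
    KEY_PASS='constructed-passphrase'; export KEY_PASS
    openssl genrsa -aes256 -passout env:KEY_PASS -out "$1/site.key" 2048 2>/dev/null &&
    openssl req -new -key "$1/site.key" -passin env:KEY_PASS \
        -subj "/CN=www.example.com" -out "$1/site.csr" &&
    openssl x509 -req -in "$1/site.csr" -signkey "$1/site.key" \
        -passin env:KEY_PASS -days 1 -out "$1/site.cert" 2>/dev/null
}

# When run as a script with three arguments (KEY CSR CERT), perform the check.
if [ "$#" -eq 3 ]; then files_match "$@"; fi
```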

Step 3 Install SSL certificate

Now go to Apache virtual host configuration folder:
cd /etc/apache2/sites-available/
Make a copy of your existing non-secure apache site configuration file:
sudo cp your_website_name_80.conf  your_website_name_443.conf
Then edit the _443.conf file and, first, change the port number to 443.
<VirtualHost *:443> ... </VirtualHost>
Then at the bottom of the file before the virtual host closing tag, paste the certificate details in:
SSLEngine on
SSLCertificateFile /etc/ssl/your_website_name/www.your_website_name.com.au.cert
SSLCertificateKeyFile /etc/ssl/your_website_name/www.your_website_name.com.au.key
SSLCertificateChainFile /etc/ssl/your_website_name/www.your_website_name.com.au.chain.cert
Once completed, enable the new site configuration file, then reload apache2.
sudo a2ensite your_website_name_443.conf

sudo systemctl reload apache2

Step 4 Fix non-https contents and redirect http to https

If your website is built on WordPress, then you’re likely to have some http links waiting to be addressed. You may use a plugin such as SSL Insecure Content Fixer to do the majority of the work, but make sure to back up the site before installing this plugin! The changes will be made as soon as you activate this plugin, so be cautious, as there is a risk of breaking your WordPress site. To redirect http to https, add the lines below to your .htaccess file, right after RewriteEngine On:
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{HTTP_HOST} ^(www\.)?your_website_name\.com
RewriteRule ^(.*)$ https://www.your_website_name.com/$1 [R,L]
Lastly, make sure you test all the variants:
http://your_website_name.com

http://www.your_website_name.com

https://your_website_name.com

https://www.your_website_name.com
They should all be working, with the http versions redirected to the https versions.
