Recently, I purchased Comodo Positive SSL for one of my web. Since this is my new experience on installing SSL onto Apache, I write this article so that anyone can refer to this step and also as my personal note.
- Before you install the certificates, you need to set up your virtual hosts and Apache configuration.
In /etc/apache2/ports.conf add this line:
NameVirtualHost *:443
So the ports.conf will be something like this:
NameVirtualHost *:80 Listen 80 NameVirtualHost *:443
- Then in your vhost file which is usually located at /etc/apache2/sites-enabled/default-ssl, edit or make sure this line is there:
<VirtualHost _default_:443> SSLEngine on SSLCertificateFile /etc/ssl/crt/www_your_domainname_org.crt SSLCertificateKeyFile /etc/ssl/crt/private.key SSLCACertificatePath /etc/ssl/crt/ SSLCACertificateFile /etc/ssl/crt/www_your_domainname_org.cer
SSLCertificateFile
This is the actual SSL certificate. Comodo will name it after your domain e.g. www_your_domainname_org.crt. So just copy the file into the correct directory /etc/ssl/crt/ and make sure your vhost file points to it.
SSLCertificateKeyFile
When you first generated your CSR to send to the commercial SSL issuer you should have gotten a key file. You just need to move it into the same folder as your SSL cert if it’s not there already and point the line to your vhost config.
SSLCACertificateFile
Comodo sends you that zip file with 3 individual CRT files in it you need to combine a couple of them into one file. You can ignore the file named after your domain and just focus on the other two. You need to combine them into one file in a very specific order.
Run this command to generate a file that matches your vhost config, remembering to change the file names to whatever the SSL issuer has given you:
cat PositiveSSLCA2.crt AddTrustExternalCARoot.crt > www_your_domainname_org.cer
Then, restart your server:
sudo a2enmod ssl sudo service apache2 restart