[Apache] Installing SSL Certificate to VPS

Laurab

 This tutorial will show how to install SSL certification on the Apache webserver.

We assume that you have already installed and configured the VPS server with an Apache webserver.

Requirements

Before proceeding with installation, make sure that the SSL certificate is issued correctly. If you choose a certificate from Time4VPS, please follow this instruction on how to order it and get issued: https://www.time4vps.com/knowledgebase/how-to-order-ssl-certificate-and-get-it-issued/

In order to store a certificate on the server, we will be using a default folder /etc/ssl/.

Installation steps

1.  First of all, upload the certificate's file in the folder /etc/ssl/. It should be three of them:

• domain.tld.crt (Certificate);
• domain.tld.key (Private Key);
• domain.tld.ca-bundle (Certification Authority (CA)).

Note. If you order a certificate from Time4VPS, you would find Certificate and CA files in the Clients area page: https://billing.time4vps.com/.
Private Key is provided when you generate the CSR. If you do not order from Time4VPS, please contact your issuer of SSL certificate in order to get it.

2. Apache configuration for SSL certificate

You need to configure a default Apache file:

sudo nano /etc/apache2/sites-available/default-ssl.conf

Add a line under <VirtualHost _default_:443> if it does not exist:

ServerName domain.tld

In the same file find the line and edit the file path to your uploaded certificate files on the server:

SSLCertificateFile /etc/ssl/domain.tld.crt

SSLCertificateKeyFile /etc/ssl/domain.tld.key

SSLCertificateChainFile /etc/ssl/domain.tld.ca-bundl

Note. The files path may be different if you prefer that, just do not forget to edit the path of the file correctly.

Enable ModSSL module for Apache:

sudo a2enmod ssl

Enable our Apache SSL configuration file which we edited earlier:

sudo a2ensite default-ssl

Restart Apache:

sudo systemctl restart apache2

That is it, your certificate was installed.

A piece of useful information is that you can also generate CSR via command line:

openssl req -new -newkey rsa:2048 -nodes -keyout domain.tld.key -out domain.tld.csr

After this, you will have to fill the CSR details like bellow:

Country Name (2 letter code) [XX]: LT

State or Province Name (full name) []: Lietuva

Locality Name (eg, city) [Default City]: Vilnius

Organization Name (eg, company) [Default Company Ltd]: It can be your company name or First and Last name for individual person

Organizational Unit Name (eg, section) []: IT

Common Name (eg, your name or your server's hostname) []:
domain.tld (exact name of the domain, which will certificate be issued
for)

Email Address []: [email protected]

A challenge password []: press ENTER

An optional company name []: press ENTER

That is it. Your CSR is ready and you can provide the content of it for certificate issuer. Private Key file was generated as well, you will need to use it to install SSL.