Wednesday 2 November 2016

SSL Certificate installation in Apache and Nginx



The first step is to generate the CSR (Certificate Signing Request) for the domain.

Apache Server SSL setup ::
------------------------------------

# openssl req -new -newkey rsa:2048 -nodes -keyout linuxgeeknotes_com.key -out linuxgeeknotes_com.csr

This will create two files
1. linuxgeeknotes_com.csr
2. linuxgeeknotes_com.key


Now contact the certificate provider with the generated CSR file; they will verify the details provided and generate the cert file and CA bundle.

For the Apache web server, add the SSL certificate entries to the configuration file as follows::

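<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.linuxgeeknotes.com
SSLEngine on
# Certificate issued for the domain
SSLCertificateFile /path/to/linuxgeeknotes.crt
# Private key generated together with the CSR
SSLCertificateKeyFile /path/to/linuxgeeknotes.key
# CA bundle from the provider (placeholder file name), not the domain certificate.
# Deprecated since Apache 2.4.8, where the chain can be appended to SSLCertificateFile instead.
SSLCertificateChainFile /path/to/ca-bundle.crt
</VirtualHost>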

Restart the service.



Nginx Server SSL Setup::
----------------------------------

# openssl req -new -newkey rsa:2048 -nodes -keyout linuxgeeknotes_com.key -out linuxgeeknotes_com.csr

This will create two files
1. linuxgeeknotes_com.csr
2. linuxgeeknotes_com.key


Now contact the certificate provider with the generated CSR file and purchase the cert files. Concatenate the files into a single file named ssl-bundle.crt, with the domain certificate first, using the following command::

# cat www_linuxgeeknotes_com.crt DomainValidationSecureServerCA.crt AddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt


Add the SSL entries to the configuration file as follows and restart the service::

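server
{
# "listen 443 ssl;" replaces the older "listen 443;" + "ssl on;" pair,
# which current nginx releases no longer accept
listen 443 ssl;
ssl_certificate /etc/nginx/ssl/linuxgeeknotes_com/ssl-bundle.crt;
ssl_certificate_key /etc/nginx/ssl/linuxgeeknotes_com/linuxgeeknotes_com.key;

# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities
# (TLSv1 and TLSv1.1 have since been deprecated as well, RFC 8996; drop them where clients allow)
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
# ...
}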
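
Before restarting either server, it helps to confirm that the key, CSR and certificate carry the same public key, that the unencrypted key (`-nodes`) is readable only by its owner, and that ssl-bundle.crt is ordered leaf first. The script below is an added example, not part of the original post; the function names and the throwaway demo chain are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: pre-restart checks for the key, CSR, certificate and bundle.
# Function names and the throwaway chain are constructed for illustration.

pub_pem() {  # print the public key of a key|csr|cert file as PEM
  case "$1" in
    key)  openssl pkey -in "$2" -pubout ;;
    csr)  openssl req  -in "$2" -noout -pubkey ;;
    cert) openssl x509 -in "$2" -noout -pubkey ;;
  esac 2>/dev/null
}

same_pubkey() {  # usage: same_pubkey TYPE1 FILE1 TYPE2 FILE2
  a=$(pub_pem "$1" "$2") && b=$(pub_pem "$3" "$4") && [ -n "$a" ] && [ "$a" = "$b" ]
}

key_private() {  # -nodes leaves the key unencrypted: allow owner access only
  case "$(ls -ld "$1")" in -???------*) return 0 ;; *) return 1 ;; esac
}

# Bundle order: each certificate must name the following one as its issuer.
# This compares names only; it does not verify signatures.
bundle_order_ok() {  # usage: bundle_order_ok BUNDLE
  tmp=$(mktemp -d) || return 1
  awk -v d="$tmp" '/-----BEGIN CERTIFICATE-----/ {n++} n {print > (d "/" n ".pem")}' "$1"
  i=1; rc=0; [ -f "$tmp/1.pem" ] || rc=1
  while [ -f "$tmp/$((i + 1)).pem" ]; do
    iss=$(openssl x509 -in "$tmp/$i.pem" -noout -issuer | sed 's/^issuer= *//')
    sub=$(openssl x509 -in "$tmp/$((i + 1)).pem" -noout -subject | sed 's/^subject= *//')
    [ -n "$iss" ] && [ "$iss" = "$sub" ] || { rc=1; break; }
    i=$((i + 1))
  done
  rm -rf "$tmp"; return "$rc"
}

# Constructed root CA + leaf so the checks can be tried offline.
make_demo_chain() {  # usage: make_demo_chain DIR
  ( cd "$1" &&
    openssl req -x509 -newkey rsa:2048 -nodes -keyout root.key -out root.crt \
      -subj "/CN=Constructed Demo Root" -days 2 &&
    openssl req -new -newkey rsa:2048 -nodes -keyout leaf.key -out leaf.csr \
      -subj "/CN=www.example.test" &&
    openssl x509 -req -in leaf.csr -CA root.crt -CAkey root.key -CAcreateserial \
      -out leaf.crt -days 1 &&
    cat leaf.crt root.crt > ssl-bundle.crt ) >/dev/null 2>&1
}
```

With the files from this page, source the script and run `same_pubkey key linuxgeeknotes_com.key cert www_linuxgeeknotes_com.crt`, `key_private linuxgeeknotes_com.key` and `bundle_order_ok ssl-bundle.crt`; each returns 0 on success.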
