how to generate ssl certificates

SSL Certificates also known as Digital Certificate is a widely used corner-stone of web security. I was recently faced some security problems. and the solution was very simple, a widely used term SSL. But at that time i don’t have any idea about what is SSL, how to generate SSL certificates, how it works and how it prevents Man-in-the-middle attacks. Thanks to the team who share their knowledge and help me in figure out the solution. There may be many who have the same questions in their mind. So I am sharing what i learn and how to generate SSL certificates.

Here are some steps to generate SSL certificates.

1. There are a lots of sources to generate ssl certificates. You can get free ssl certificates from here:  https://www.sslforfree.com
* you can pass multiple domains like example.com www.example.com backend.example.com blog.example.com
2. There are multiple options available when you submit domains to create certificates. choose manual verification.
3. Follow instruction specified in https://www.sslforfree.com  to verify domain.
4. download certs to local system.
5. upload certs to server.
6. cp or mv certs to following directories

*Note: If you don’t have permissions to run cp, mv or nano command, use sudo to run following commands.

cp /UPLOAD_DIRECTORY_PATH/certificate.crt /etc/ssl/certs/certificate.crtcp /UPLOAD_DIRECTORY_PATH/ca_bundle.crt /etc/ssl/certs/ca_bundle.crtcp /UPLOAD_DIRECTORY_PATH/private.key /etc/ssl/private/private.key

7. Now you have to create apache ssl configuration file. This configuration file should resides in /etc/apache2/sites-available directory. you can go to this path by following command:

cd /etc/apache2/sites-available

create ssl conf file by following command:
nano example-ssl.conf

copy following code to example-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName example.com
ServerAlias example.com
DocumentRoot <document root path like: /var/www/html/example>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
<Directory /var/www/html/example>
SSLOptions +StdEnvVars
Options +FollowSymlinks
AllowOverride All
Require all granted
</Directory>
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

8. Enable ssl conf
a2ensite example-ssl.conf

9. restart apache service
service apache2 restart

10. check ssl status
https://www.sslshopper.com/ssl-checker.html#hostname=example.com

And that’s it. Cheers 🙂

Please follow and like us:

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top