Let's learn how to set up an SSL certificate for a domain pointing to an AWS EC2 Ubuntu instance. These are quick and easy steps to follow without any confusion.
- Step 1: Buy an SSL certificate from a vendor such as GoDaddy, SSLs.com or any other.
- Step 2: Create the private key and certificate signing request (CSR) on the Ubuntu EC2 instance
sudo mkdir -p /etc/apache2/ssl
sudo openssl req -new -newkey rsa:2048 -nodes -keyout /etc/apache2/ssl/yourdomain.key -out /etc/apache2/ssl/yourdomain.csr
Note: yourdomain.key must match your domain name. For example, if I am creating a key and CSR for nishantverma.me, then the files should be named nishantverma.key and nishantverma.csr.
- Step 3: Upload the CSR generated in Step 2 (yourdomain.csr) to the vendor you bought the SSL certificate from to get the signed certificate, choosing Apache as the server type. The private key (yourdomain.key) stays on the server. Download the generated certificate. You will get files as below
- Step 4: Once you have your certificate ready, let's check whether your Apache server has mod_ssl. Upload an info.php file to /var/www/html/info.php with this content:
<?php phpinfo(); ?>
- If mod_ssl is not enabled, enable it using
sudo a2enmod ssl
- Step 5: Upload your certificate file to your server (Note: keep your private key and all certificate files in one place so that they are easy to use). Assume you have uploaded your files to this location:
/home/ubuntu/my-ssl-certifications/5a65a450e2f24b11.crt
/home/ubuntu/my-ssl-certifications/yourdomain.key
- Step 6: Now that all the files are on the server, let's configure the Apache virtual host to use SSL
- Open default-ssl.conf using any editor
sudo vim /etc/apache2/sites-available/default-ssl.conf
- With the comments removed, the file looks something like this:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
- The ServerAdmin, ServerName, ServerAlias, SSLCertificateFile and SSLCertificateKeyFile entries were modified from the original file:
<IfModule mod_ssl.c>
    <VirtualHost _default_:443>
        ServerAdmin webadmin@example.com
        ServerName yourdomain.com
        ServerAlias www.yourdomain.com
        DocumentRoot /var/www/html
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
        SSLEngine on
        SSLCertificateFile /home/ubuntu/my-ssl-certifications/5a65a450e2f24b11.crt
        SSLCertificateKeyFile /home/ubuntu/my-ssl-certifications/yourdomain.key
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>
        BrowserMatch "MSIE [2-6]" \
            nokeepalive ssl-unclean-shutdown \
            downgrade-1.0 force-response-1.0
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
    </VirtualHost>
</IfModule>
- Step 7: Now that we have configured our SSL-enabled virtual host, we need to enable it.
sudo a2ensite default-ssl.conf
- Step 8: Restart Apache to load your new virtual host file.
sudo service apache2 restart
Test your setup at https://server_domain_name_or_IP
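Apache will refuse to start if the certificate and key configured in default-ssl.conf do not belong together, and a key stored under a home directory is easy to leave readable by other users. The following pre-flight script is an added example, not part of the original post; the function names are illustrative, and it assumes openssl and GNU stat as found on Ubuntu.

```bash
#!/usr/bin/env bash
# Added example: pre-flight checks for the files named in Step 5.
# Function names are illustrative; requires openssl and GNU stat (Ubuntu).

# Succeeds only if the certificate's public key equals the one derived
# from the private key. Returns 2 if either file cannot be parsed.
cert_matches_key() {
    local cert_pub key_pub
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if the key file grants no permissions to group or others.
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1") || return 2
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Runs all checks and reports every failure, not just the first one.
preflight() {
    local cert key status
    cert=$1; key=$2; status=0
    if ! cert_matches_key "$cert" "$key"; then
        echo "FAIL: $cert was not issued for $key"; status=1
    fi
    if ! key_is_private "$key"; then
        echo "FAIL: $key is accessible to group/others (chmod 600 it)"; status=1
    fi
    # -checkend 0 fails if the certificate has already expired.
    if ! openssl x509 -in "$cert" -noout -checkend 0 >/dev/null 2>&1; then
        echo "FAIL: $cert is expired or unreadable"; status=1
    fi
    [ "$status" -eq 0 ] && echo "OK: pair is consistent"
    return "$status"
}

# Usage: ./preflight.sh <certificate.crt> <private.key>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2"
fi
```

Run it against the two paths from Step 5 before restarting Apache; `sudo apache2ctl configtest` then catches syntax errors in default-ssl.conf itself.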
Comment below if you need further help, or connect with me on Twitter for a quick chat.