Once you have your server running with a self-signed certificate you might find it useful to have a “real” certificate that does not warn users.
Many of the CA’s provide test certificates that are generally valid for 30-60 days, I’ve recently discovered StartSSL, that generates free certificates that are valid for a full year.
- Generating keys and certificates….
NOTE: this process is rather involved and is documented better elsewhere, here’s what I needed to remember to get the keys and certificates.
- save ssl.key (private)
- save ssl.crt (pem encoded)
- get file from control panel:
sub.class1.server.ca.pem
- Make sure that you move all three files to the /etc/apache2/ssl/ folder on the server.
- Edit the config file…
sudo vi /etc/apache2/sites-available/default-ssl.conf
Modify the values related to the keys and certs…
SSLCertificateFile /etc/apache2/ssl/ssl.crt
SSLCertificateKeyFile /etc/apache2/ssl/ssl.key
SSLCertificateChainFile /etc/apache2/ssl/sub.class1.server.ca.pem
- Reload the config and restart…
sudo service apache2 reload
sudo service apache2 restart
-
Test it out…
https://www.ssllabs.com/ssltest/analyze.html?d=YOURDOMAIN.COM
REFERENCES: