SSL Certificate Installation.
Monday, July 09, 2012

I received many requests from readers asking how to configure SSL (https) for a website like 9lessons labs. I actually enabled SSL for Facebook application integration; nowadays most of the top sites allow only secure https URLs. In this post I explain in a few steps how to buy and set up an SSL certificate and configure it with an XAMPP server in an Ubuntu environment.

Step 1
Generating KEY file
root:/home# openssl genrsa -out domain.key 2048

Generating RSA private key, 2048 bit long modulus
....++++++
............++++++
e is 65537 (0x10001)


Step 2
Generating the certificate signing request (CSR) file, named domain.crt in this post.
root:/home# openssl req -new -key domain.key -out domain.crt

Enter pass phrase for domain.key: Key Password

Country Name (2 letter code) [AU]:IN // Country Code 
State or Province Name (full name) [Some-State]:Tamilnadu // State 
Locality Name (eg, city) []:Chennai // City 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:9lessons 
Organizational Unit Name (eg, section) []:software
Common Name (eg, YOUR name) []:www.domain.com
Email Address []:admin@domain.com // Domain Verification 


Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:SSL Password // No special characters
An optional company name []:egglabs

Where to buy?
Many providers are available on the web. I suggest the www.thawte.com SSL 123 certificate; Thawte.com provides a 21-day free trial. I ordered my SSL 123 certificate from Bigrock, which sells Thawte certificates a little cheaper.

Once the SSL certificate order is successful, download domain.crt from your server and submit it to the SSL provider. The provider (e.g. Thawte) will send a domain verification mail to admin@domain.com, the email address you specified in the CRT file.

Sample CRT file
After the domain owner confirms, the SSL provider generates a new SSL CRT file. You can download it from the provider's admin panel for that order.

Copy the newly generated CRT text into Notepad and save it as ssldomain.crt. Upload this file to your server.

Step 3
Copy files in XAMPP directories
root:/home# cp ssldomain.crt /opt/lampp/etc/ssl.crt/ssldomain.crt
root:/home# cp domain.key /opt/lampp/etc/ssl.key/domain.key

Step 4
Enable SSL extension in /opt/lampp/etc/httpd.conf
LoadModule ssl_module modules/mod_ssl.so

Step 5
Modify the virtual host in /opt/lampp/etc/extra/httpd-ssl.conf
<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs"
ServerName www.domain.com
ServerAdmin admin@domain.com
ErrorLog /opt/lampp/logs/error_log
TransferLog /opt/lampp/logs/access_log

# Server Certificate:
SSLCertificateFile /opt/lampp/etc/ssl.crt/ssldomain.crt

# Server Private Key:
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/domain.key

# Certificate Authority (CA):
SSLCACertificateFile /opt/lampp/etc/ssl.crt/ca.crt
</VirtualHost>

You can download the ca.crt file from thawte.com. Upload it to the server in the same way and copy it into the /opt/lampp/etc/ssl.crt/ directory.

Step 6
Enable the SSL port 443
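
As an added example (not part of the original post or of XAMPP's tooling), here is a pre-flight check for the files copied in Step 3 and referenced in Step 5. It confirms that the file given to SSLCertificateFile is a signed certificate rather than the request from Step 2, that the key file is a private key, that neither file starts with a byte-order mark left by a Windows editor, and that the key is not group- or world-readable. A request or a BOM-prefixed file in place of the certificate is a common cause of PEM "no start line" errors at server start. The function names and finding labels are assumptions of this example.

```shell
#!/bin/sh
# Added example: function names and finding labels are hypothetical,
# chosen for this illustration only.

# Print the PEM label of the first "-----BEGIN ...-----" line, or NONE.
pem_kind() {
    # Strip CR so files saved with Windows line endings still match.
    label=$(tr -d '\r' < "$1" | sed -n 's/^-----BEGIN \(.*\)-----$/\1/p' | head -n 1)
    echo "${label:-NONE}"
}

# True if the file starts with a UTF-8 byte-order mark, which hides
# the BEGIN line from OpenSSL's PEM reader.
has_bom() {
    [ "$(od -An -tx1 -N3 "$1" | tr -d ' \n')" = "efbbbf" ]
}

# True if group or others can read the file.
key_is_exposed() {
    [ -n "$(find "$1" \( -perm -040 -o -perm -004 \) -print)" ]
}

# check_install CERT KEY: print one finding per line, return 1 on any finding.
check_install() {
    cert=$1; key=$2; rc=0
    for f in "$cert" "$key"; do
        if has_bom "$f"; then echo "BOM: $f"; rc=1; fi
    done
    case $(pem_kind "$cert") in
        CERTIFICATE) ;;
        *"CERTIFICATE REQUEST") echo "CSR_NOT_CERT: $cert"; rc=1 ;;
        *) echo "NOT_A_CERT: $cert"; rc=1 ;;
    esac
    case $(pem_kind "$key") in
        *"PRIVATE KEY") ;;
        *) echo "NOT_A_KEY: $key"; rc=1 ;;
    esac
    if key_is_exposed "$key"; then echo "KEY_READABLE: $key"; rc=1; fi
    return $rc
}
```

With the paths from this post, the call is `check_install /opt/lampp/etc/ssl.crt/ssldomain.crt /opt/lampp/etc/ssl.key/domain.key`, run before restarting the server.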


42 comments:

  1. Awesome tutorial shri... you are such a webstar buddy...
  2. Useful! Was looking for the exact same info for one of my projects. Thanks much.
  3. This is really useful. Could you please write something on the PHP Yii framework? It will really help people learning the framework.
  4. Useful article, but I need some more on this... How can we install multiple SSL certificates on the same IP?

    Thanks in advance,
    Deven Patel
  5. Very nice!
    Once again, thank you!
  6. Great article... very useful for me...
  7. Thanks, you posted a great article.
  8. I am searching for SSL to protect XML from being downloaded. Can you explain whether SSL can protect an XML file?

    Thanks..
  9. Sri, dude, can you make 1 tutorial for SSL installation in cPanel/WHM? It would be great.
  10. I have set up SSL for nginx but get an error:

    nginx: [emerg] SSL_CTX_use_certificate_chain_file("/etc/nginx/ssl/domain.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed
  11. I have set up SSL for nginx but get an error:

    server {
    limit_conn addr 10;
    listen www.xxxx.com:443;

    server_name www.xxxx.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/domain.crt;
    ssl_certificate_key /etc/nginx/ssl/domain.key;


    root /usr/share/nginx/html;
    }
    nginx: [emerg] SSL_CTX_use_certificate_chain_file("/etc/nginx/ssl/domain.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed
  12. Thanks for posting this article...! Nice one...!
  13. Thanks, this post reminds me...
    I just forgot about it XD
  14. Hi Srinivas,

    I am getting this error: "Unable to load config info from /usr/local/ssl/openssl.cnf"

    What could be the possible cause?

    Thanks.
  15. Nice post.. I was in search of the same for a long period.
  16. Google Chrome blocked 4 JS files because they're not secure:

    http://www.google-analytics.com/urchin.js
    http://www.statcounter.com/counter/counter.js
    http://www.google-analytics.com/urchin.js
    http://www.statcounter.com/counter/counter.js

    Should we get our JS files through HTTPS as well?
  17. Does it make my server slow down?
  18. I've been looking for this tutorial. Really appreciate your way of writing posts.
  19. Dude, I spent 3 days with no success using this tutorial you put up. I finally got this fixed right now using

    openssl req -nodes -newkey rsa:2048 -keyout domain.key -out domain.csr

    This is all on Apache ModSSL CentOS. All while doing this, I have tried 6 SSL companies and am very angry the problem is simply because I fail to follow the steps provided by the SSL companies.
  20. SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.
  21. Thanks for sharing this tutorial, I like it :)
  22. It's a wonderful post, thanks for sharing this, awesome post..
  23. Was really looking for such a tutorial for a long time. Appreciate your efforts.
  24. Thanks for this article.
    I was looking for it all around.
  25. Thanks a lot dude! I've been looking for this a very long time.
  26. Hi there! I followed your tutorial step by step, but I simply keep getting the same error after clicking the send button:

    API Error Code: 191
    API Error Description: The specified URL is not owned by the application
    Error Message: redirect_uri is not owned by the application.

    Note that my site is on my localhost and within the FB app settings I am providing a random website with SSL support. Might the problem be that I am not triggering the send button (and JS script) from the domain provided in the FB app settings?

    Thank you so much for your help.
  27. Thank you very much.

    Looks like Bigrock only supports 2048 bits now, so had to generate the key with 2048 bits

    openssl genrsa -des3 -out domain.key 2048
  28. Thanks for the article. It was very helpful, especially the bigrock link you provided. I went through the link and found that they provide SSL Certificates at a cheaper price.

    Cheers for your good work!
  29. I have been browsing online more than 2 hours at the moment, but I never found several motivating article similar yours. It is attractive significance adequate for me. And now able to SSL Certificate Installation with my site or blogs, thanks..
  30. Very informative article. You have described step by step installation process of SSL certification. Thanks.
  31. It means I have to buy the SSL, right?
    Is there any way to make https without SSL or buying?
