SSL Certificate Installation.
Wall Script
Wall Script
Monday, July 09, 2012

SSL Certificate Installation.

I received many requests from my readers that asked to me how to configure SSL(https) for website like 9lessons labs. Actually I enable SSL for Facebook Application integration, nowadays most of the top sites allowing only secure https URL. In this post I explained few steps how to buy and setup a SSL certificate and configuration with XAMPP server in Ubuntu environment.

SSL Certificate Installation.

Live Demo

Step 1
Generating KEY file
root:/home# openssl genrsa -out domain.key 2048

Generating RSA private key, 1024 bit long modulus
....++++++
............++++++
e is 65537 (0x10001)


Step 2
Generating server CRT certificate file.
root:/home# openssl req -new -key domain.key -out domain.crt

Enter pass phrase for domain.key: Key Password

Country Name (2 letter code) [AU]:IN // Country Code 
State or Province Name (full name) [Some-State]:Tamilnadu // State 
Locality Name (eg, city) []:Chennai // City 
Organization Name (eg, company) [Internet Widgits Pty Ltd]:9lessons 
Organizational Unit Name (eg, section) []:software
Common Name (eg, YOUR name) []:www.domain.com //
Email Address []:[email protected] // Domain Verification 


Please enter the following 'extra' attributes
to be sent with your certificate request
A challenge password []:SSL Password // No special characters
An optional company name []:egglabs

Where to buy?
Many are available on web, I suggest go for www.cheapsslshop.com or www.thawte.com SSL 123 Certificate and Thawte.com providing 21 days free trail click here. I ordered SSL 123 certificate from Bigrock these people providing Thawte certificates little cheaper.

SSL Certificate Installation.

Once SSL certificate order successful, download the domain.crt from your server and submit to SSL provider. SSL provider company eg. thawte will send you the domain verification mail to [email protected] which you specified email in CRT file.

Sample CRT file
After domain owner confirmation SSL provider generate a new SSL CRT file. You can download this from SSL provider admin panel based on the order.
-----BEGIN CERTIFICATE REQUEST-----
GIICBzCCAXACAQAwgZYxCzAJBgNVBAYTAklOMRIwEAYDVQQIDAlUYW1pbG5hZHUx
EDAOBgNVBAcMB0NoZW5uYWkxETAPBgNVBAoMCDlsZXNzb25zMREwDwYDVQQLDAhz
b2Z0d2FyZTEaMBgGA1UEAwwXV2VjdXJlLmRvbWFpbi5jb20xHzAdBgkqhkiG9w0B
CQEWEGFkbWluQGRvbWFpbi5jb20wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
AKXUU6ccqfgVUliKR0S8OsKD8NGhsTH5zOneU5uOi0Ywi9mBE32v144vOc0xng53
LQkxtRCRtzbafIuB9OkHNaeEMfzfNo27kwhP1kwDP4k+pN7hYVkTTT+Wz4WOs4jP
1WHW2lmYhhCfhVjROP2nFhxVvNGu0Y6OYlAlsGhMasnNAgMBAAGgMDAWBgkqhkiG
9w0BCQIxCQwHZWdnbGFiczAWBgkqhkiG9w0BCQcxCQwHZWdnbGFiczANBgkqhkiG
9w0BAQUFAAOBgQAcIuVDoeAzFhSy020nXHpICyy13ffQAqMJEnrVjPQfDGlojBaV
HsQ2dLYENEHb6YiLd+GDwazyrxlR0v6cLlu7KPczvrBnvHH6DP42TMef8yrG8hZ2
TT1V/HCR2eq7oIND2mJdOdJgBvQa7BUy6DjqxfG8cYojbjH+jLRlgDagjA==
-----END CERTIFICATE REQUEST-----

Copy the new generated CRT text into notepad and save as into ssldomain.crt. Upload this into your server.

Step 3
Copy files in XAMPP directories
root:/home# cp ssldomain.crt /opt/lampp/etc/ssl.crt/ssldomain.crt
root:/home# cp domain.key /opt/lampp/etc/ssl.key/domain.key

Step 4
Enable SSL extension in /opt/lampp/etc/httpd.conf
LoadModule ssl_module modules/mod_ssl.so

Step 5
Modify a Virtual Host /opt/lampp/etc/extra/httpd-ssl.conf
<VirtualHost _default_:443>

# General setup for the virtual host
DocumentRoot "/opt/lampp/htdocs"
ServerName www.domain.com
ServerAdmin [email protected]
ErrorLog /opt/lampp/logs/error_log
TransferLog /opt/lampp/logs/access_log

# Server Certificate:
SSLCertificateFile /opt/lampp/etc/ssl.crt/ssldomain.crt

# Server Private Key:
SSLCertificateKeyFile /opt/lampp/etc/ssl.key/domain.key

# Certificate Authority (CA):
SSLCACertificateFile /opt/lampp/etc/ssl.crt/ca.crt
</VirtualHost>

You can download ca.crt file from thawte.com, or click here to download this file. Same way upload into server copy into /opt/lampp/etc/ssl.crt/ directory.

Step 6
Enable the SSL port 443
web notification

46 comments:

  1. UnknownJuly 9, 2012 at 3:01 AM

    Useful Article

    ReplyDelete
  2. LalitJuly 9, 2012 at 4:44 AM

    Awesome tutorial shri... you are such a webstar buddy...

    ReplyDelete
  3. Yash @ How to OnlineJuly 9, 2012 at 5:31 AM

    Useful! for looking for the exact same info for one of my project. Thanks much.

    ReplyDelete
  4. SelvamJillaJuly 9, 2012 at 6:17 AM

    this is really useful. could u please write something on PHP yii framework. it will really help to framework learning peoples

    ReplyDelete
  5. EfunmobJuly 9, 2012 at 6:24 AM

    Nice tutz Vinas :)

    ReplyDelete
  6. Deven PatelJuly 9, 2012 at 6:39 AM

    Useful Article but i need some more in this... how can we install multiple ssl certificate on same ip?

    Thanks in Advance,
    Deven Patel

    ReplyDelete
  7. MarkJuly 9, 2012 at 6:44 AM

    Great article!

    ReplyDelete
  8. WP Expert - Wordpress SupportJuly 9, 2012 at 7:10 AM

    very helpful. tks for sharing

    ReplyDelete
  9. RafaelJuly 9, 2012 at 7:23 AM

    Very nice!
    Once again, thank you!

    ReplyDelete
  10. phphungerJuly 9, 2012 at 8:48 AM

    great article..very useful for me...

    ReplyDelete
  11. UnknownJuly 9, 2012 at 9:49 AM

    Thanks,You posted great article

    ReplyDelete
  12. UnknownJuly 9, 2012 at 9:50 AM

    Thanks , Great Article

    ReplyDelete
  13. Ramasrinu RayavarapuJuly 9, 2012 at 11:13 AM

    Good work Srinivas.

    ReplyDelete
  14. AnonymousJuly 9, 2012 at 12:36 PM

    I do search for ssl to protect xml from been downloaded.. Can u explain can ssl do protect xml file?

    Thanks..

    ReplyDelete
  15. Song GeekJuly 9, 2012 at 10:17 PM

    sri, dude can you make 1tutorial for ssl installation in cpanel/whm? it would be great.

    ReplyDelete
  16. examJuly 9, 2012 at 10:35 PM

    I have setup ssl for nignx but error


    nginx: [emerg] SSL_CTX_use_certificate_chain_file("/etc/nginx/ssl/domain.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    ReplyDelete
  17. examJuly 9, 2012 at 10:37 PM

    i have setup ssl for nginx but error

    server {
    limit_conn addr 10;
    listen www.xxxx.com:443;

    server_name www.xxxx.com;
    ssl on;
    ssl_certificate /etc/nginx/ssl/domain.crt;
    ssl_certificate_key /etc/nginx/ssl/domain.key;


    root /usr/share/nginx/html;
    }
    nginx: [emerg] SSL_CTX_use_certificate_chain_file("/etc/nginx/ssl/domain.crt") failed (SSL: error:0906D06C:PEM routines:PEM_read_bio:no start line error:140DC009:SSL routines:SSL_CTX_use_certificate_chain_file:PEM lib)
    nginx: configuration file /etc/nginx/nginx.conf test failed

    ReplyDelete
  18. Syam kumarJuly 10, 2012 at 1:41 AM

    thanks for posting this article...! Nice one...!

    ReplyDelete
  19. Ren KunJuly 10, 2012 at 5:21 AM

    thanks, this post remind me...
    i just forget about it XD

    ReplyDelete
  20. RanjeetJuly 10, 2012 at 5:43 AM

    very informative article.

    ReplyDelete
  21. UnknownJuly 10, 2012 at 7:10 AM

    Hi Srinivas,

    Am getting this error "Unable to load config info from /usr/local/ssl/openssl.cnf"

    What could be possible cause?

    Thanks.

    ReplyDelete
  22. deepaksharmambdJuly 10, 2012 at 7:44 AM

    nice post.. i was in search for the same from a longer period

    ReplyDelete
  23. LazaacJuly 10, 2012 at 10:28 AM

    i hate setup it in nginx!

    ReplyDelete
  24. IslamJuly 12, 2012 at 9:12 AM

    Google Chrome blocked 4 JS files because they're not secure:

    http://www.google-analytics.com/urchin.js
    http://www.statcounter.com/counter/counter.js
    http://www.google-analytics.com/urchin.js
    http://www.statcounter.com/counter/counter.js

    Should we use to get our JS files through httpS as well?

    ReplyDelete
  25. Short codeJuly 13, 2012 at 7:25 AM

    Does it make my server slow down?

    ReplyDelete
  26. TechongoJuly 14, 2012 at 11:30 PM

    I've been looking for this tutorial really appreciate your way of your writing posts.

    ReplyDelete
  27. Oluwaseun AjayiJuly 16, 2012 at 11:49 AM

    Dude, I spent 3 days with no success using this tutorial you put up. I finally got this fixed right now using

    openssl req -nodes -newkey rsa:2048 -keyout domain.key -out domain.csr

    This is all on Apache ModSSL CentOS. all while doing this, I have tried 6 SSL companies and am very angry the problem is simply because i fail to follow the steps provided by the SSL companies.

    ReplyDelete
  28. ssl certificateJuly 20, 2012 at 7:49 AM

    SSL (Secure Sockets Layer) is the standard security technology for establishing an encrypted link between a web server and a browser.

    ReplyDelete
  29. windows loaderJuly 29, 2012 at 6:55 PM

    thank for share this tutorial, i like it :)

    ReplyDelete
  30. DeepakAugust 1, 2012 at 8:36 AM

    its a wonderful post thanks for sharing this , awesome post..

    ReplyDelete
  31. Tech4sysAugust 3, 2012 at 8:28 AM

    Really looking for such tutorial since long time, Appreciate for your efforts.

    ReplyDelete
  32. Rohit KumarAugust 11, 2012 at 4:06 PM

    Thanks for this article
    i was looking it all around

    ReplyDelete
  33. AnonymousOctober 3, 2012 at 3:34 AM

    how to install this quickly

    ReplyDelete
  34. MaheshOctober 28, 2012 at 5:04 PM

    Thanks a lot dude! I've been looking for this a very long time.

    ReplyDelete
  35. AleksanderNovember 20, 2012 at 12:31 PM

    Hi there! I followed your tutorial step by step, but I simply keep getting the same error after clicking the send button:

    API Error Code: 191
    API Error Description: The specified URL is not owned by the application
    Error Message: redirect_uri is not owned by the application.

    Note that my site is on my localhost and within the FB app settings I am providing a random website with SSL support. Might the problem be that I am not triggering the send button (and JS script) from the domain provided in the FB app settings?

    Thank you so much for your help.

    ReplyDelete
  36. AnonymousJanuary 30, 2013 at 2:16 AM

    Thank you very much.

    Looks like Bigrock only support 2048 bits now, so had to generate the key with 2048 bits

    openssl genrsa -des3 -out domain.key 2048

    ReplyDelete
  37. VishalJune 13, 2013 at 1:14 AM

    Thanks for the article. It was very helpful, especially the bigrock link you provided. I went through the link and found that they provide SSL Certificates at a cheaper price.

    Cheers for your good work!

    ReplyDelete
  38. lukman ahsanJune 21, 2013 at 6:46 AM

    i have been browsing online more than 2 hours at the moment, but I never found several motivating article similar yours.it is attractive significance adequate for me.and now able to SSL Certificate Installation with my site or blogs thanks..

    ReplyDelete
  39. chetuJune 27, 2013 at 2:13 PM

    Very informative article. You have described step by step installation process of SSL certification. Thanks

    ReplyDelete
  40. UnknownJuly 4, 2013 at 7:35 PM

    It mean I have to buy the SSL, right?
    is there any way to make https without SSL or buying?

    ReplyDelete
  41. AnonymousFebruary 14, 2014 at 6:19 AM

    Nice

    ReplyDelete
  42. ULiveUSASeptember 18, 2017 at 10:50 PM

    Great info.

    ReplyDelete
  43. UnknownAugust 30, 2018 at 12:33 PM

    i am having trouble with ssl on my ec2-user linux xampp the Apache wont start please help

    ReplyDelete
  44. UnknownDecember 27, 2018 at 7:53 AM

    can i configure it on EC2 instance?

    ReplyDelete
  45. UnknownApril 20, 2020 at 6:11 AM

    Hello.
    This is not working in ubuntu 18 and xampp 7.2

    ReplyDelete

Most Popular Posts

mailxengine Youtueb channel
Facebook and Google Login
Make in India
X