Deploying an SSL certificate requires several steps: generating the private key and the certificate signing request (CSR), obtaining the certificate from a CA, and configuring SSL on the web server. The following describes the process for deploying an SSL certificate on the Apache web server.
Generate the private key:
openssl genrsa -out your_domain.key 2048
The above command generates a 2048-bit private key, stored in your_domain.key.
Generate CSR:
openssl req -new -key your_domain.key -out your_domain.csr
Fill in the information as prompted; it is embedded in the CSR.
To obtain an SSL certificate, purchase one from a CA, submit the CSR to the CA, and wait for the CA to validate the request; once validation passes, the certificate is issued to you. You can also purchase an SSL certificate directly from an IDC vendor. There are multiple types of certificates; select the type that fits your actual requirements.
To configure SSL in Apache, you need to create the SSL virtual host configuration, for example, /etc/apache2/sites-available/your_domain_ssl.conf:
sudo nano /etc/apache2/sites-available/your_domain_ssl.conf
Add the following content (adjust it to your actual situation):
<VirtualHost *:443>
    ServerAdmin admin@example.com
    ServerName your_domain.com
    ServerAlias www.your_domain.com
    DocumentRoot /var/www/your_domain

    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined

    # Requires mod_ssl (enable it with: sudo a2enmod ssl)
    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/your_domain.com/cert.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/your_domain.com/privkey.pem
    # Obsolete since Apache 2.4.8; there, point SSLCertificateFile at fullchain.pem instead
    SSLCertificateChainFile /etc/letsencrypt/live/your_domain.com/chain.pem
</VirtualHost>
Point SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile to your certificate, private key, and CA chain files.
Enable the new configuration:
sudo a2ensite your_domain_ssl.conf
Restart the Apache service:
sudo systemctl restart apache2
You can use an online tool such as SSL Server Test to check whether the SSL certificate configuration is correct and has taken effect.
Ensure that you control the domain name of the website on which the SSL certificate is deployed, because the certificate authority will verify that control. Keep the certificate and, above all, the private key secure; the certificate is only as trustworthy as the secrecy of its key. In a production environment, generate keys of 2048 bits or more.
If you are configuring SSL on nginx, create a new configuration file or edit an existing one, such as /etc/nginx/sites-available/your_domain_ssl.conf:
sudo nano /etc/nginx/sites-available/your_domain_ssl.conf
Add the following:
server {
    listen 443 ssl;
    server_name your_domain.com www.your_domain.com;

    ssl_certificate /etc/letsencrypt/live/your_domain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/your_domain.com/privkey.pem;
    ssl_session_timeout 1d;
    ssl_session_cache shared:MozSSL:10m; # about 40000 sessions

    # SSLv3 is disabled; TLSv1 and TLSv1.1 are deprecated (RFC 8996) and can be dropped once legacy clients no longer need them
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required); 63072000 seconds = 730 days = 2 years
    add_header Strict-Transport-Security "max-age=63072000" always;
    # Additional security headers
    add_header X-Frame-Options DENY;
    add_header X-Content-Type-Options nosniff;

    # OCSP stapling
    ssl_stapling on;
    ssl_stapling_verify on;
    resolver 8.8.8.8 8.8.4.4 valid=300s;
    resolver_timeout 5s;

    root /var/www/your_domain;
    index index.html index.htm;
    location / {
        try_files $uri $uri/ =404;
    }
}
server {
    listen 80;
    server_name your_domain.com www.your_domain.com;
    # $host keeps the name the client asked for; $server_name would always be the first name listed above
    return 301 https://$host$request_uri;
}
Point ssl_certificate and ssl_certificate_key to your certificate chain and private key files. Enable the site by creating a symbolic link:
sudo ln -s /etc/nginx/sites-available/your_domain_ssl.conf /etc/nginx/sites-enabled/
Test the Nginx configuration:
sudo nginx -t
Restart Nginx:
sudo systemctl restart nginx
Verify the SSL deployment as described above for Apache.
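As an added check that is not part of the original tutorial, the following POSIX shell script validates the files that the Apache directives SSLCertificateFile/SSLCertificateKeyFile and the nginx directives ssl_certificate/ssl_certificate_key will point to: that the private key matches the certificate, that the key meets the 2048-bit minimum stated above, and that the certificate is not about to expire. It assumes the openssl CLI is installed; the key and certificate it generates are constructed demo material, so run the check functions against your real files instead.

```shell
#!/bin/sh
# Added example, not part of the original tutorial: pre-deployment checks on
# the files that SSLCertificateFile/ssl_certificate and
# SSLCertificateKeyFile/ssl_certificate_key will point to. Needs the openssl
# CLI; the key/cert pair generated below is constructed demo material only.
set -u

# 0 if the private key's public half equals the certificate's public key.
key_matches_cert() {
  key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
  [ "$key_pub" = "$cert_pub" ]
}

# Prints the RSA modulus size in bits (e.g. 2048); prints nothing on failure.
key_bits() {
  openssl rsa -in "$1" -noout -text 2>/dev/null |
    sed -n 's/.*Private-Key: (\([0-9]*\) bit.*/\1/p'
}

# 0 if the key meets the tutorial's 2048-bit minimum for production.
key_is_strong_enough() {
  bits=$(key_bits "$1") && [ -n "$bits" ] && [ "$bits" -ge 2048 ]
}

# 0 if the certificate stays valid for at least $2 seconds (default 30 days),
# so renewal can be scheduled before browsers start rejecting the site.
cert_not_expiring() {
  openssl x509 -in "$1" -noout -checkend "${2:-2592000}" >/dev/null 2>&1
}

# Constructed demo material: a 2048-bit key with a matching self-signed cert
# valid 90 days, plus an unrelated 1024-bit key that must fail both checks.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$demo_dir/good.key" \
  -out "$demo_dir/good.crt" -days 90 -subj "/CN=your_domain.com" 2>/dev/null
openssl genrsa -out "$demo_dir/weak.key" 1024 2>/dev/null

for k in good weak; do
  if key_matches_cert "$demo_dir/$k.key" "$demo_dir/good.crt" &&
     key_is_strong_enough "$demo_dir/$k.key"; then
    echo "$k.key: OK, $(key_bits "$demo_dir/$k.key") bits, matches good.crt"
  else
    echo "$k.key: REJECT, does not match good.crt or is under 2048 bits"
  fi
done
cert_not_expiring "$demo_dir/good.crt" && echo "good.crt: valid for 30+ days"
```

To check a real deployment, call key_matches_cert with the paths from your virtual host or server block; a mismatch is the most common reason Apache or nginx refuses to start after a certificate renewal.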