česky | cymraeg | deutsch | english | español | français | nederlands | português --- more step by step tutorials

Set up a SSL certificate with Debian (step by step tutorial)

This is how about to set up a SSL certificate on your server and running with it, using apache 2.4 on Debian GNU/Linux.

All of the following tasks are done as root, from the command line:

cd /etc/apache/ssl

openssl genrsa -out supersecret.key 4096

openssl req -key supersecret.key -new

Answer the questions as follows (hit Enter after each answer):
Country Code: (see: https://www.iso.org/obp/ui/#search)
State or Province: I put the province I live in
Locality name: I put the city I live in
Organization Name: I put a dot (period) which leaves the entry blank
Organizational Unit: I put a dot
Common Name: I put the fully qualified name of my server.
Email Address: I put my email address
challenge password: I left this blank
optional company name: I left this blank


cat supersecret.key myserver.crt class3.crt root.crt > myserver.pem

chmod 600 myserver.pem

NOTE: This is for Apache greater than version 2.4.8. If you have an older version, the intermediate and root certificates go in a separate file called the chain file.

NOTE, if you would prefer to not put the secret key in the pem file, specify the SSLCertificateKeyFile as well. I prefer to keep everything all together in one pem file. If you are using Apache less than 2.4.8, specify the chain file that includes the CACert intermediate and root certificates with SSLCertificateChainFile.

a2ensite default-ssl

apache2ctl graceful

That's it, now your server is up and running with a SSL certificate from CACert.org.

Here's a similar tutorial for Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04

Source: BM/15

HowToDocuments/ServerSSLWithDebian (last edited 2015-05-04 21:53:32 by EtienneRuedin)