This quick, four-part guide explains how to install an SSL Certificate on Debian. The first two sections cover essential configuration aspects, while the latter portions offer general info on Debian history and SSL buying recommendations.

How to generate CSR for a Debian Server?
Install an SSL Certificate on Debian
Debian server history and versions
Where to buy an SSL Certificate for a Debian server?

How to generate CSR for a Debian server?

Before installation, your first task is to generate a CSR (Certificate Signing Request) code. This is the standard procedure when applying for an SSL Certificate. The CSR contains relevant details about your domain and organization which the Certificate Authority must verify before issuing you the certificate. If your Apache server is running on Debian, follow the steps below to generate your CSR code:

  1. You’ll perform the whole CSR generation process over the secure shell (SSH) protocol. Log into your server using the ssh command.
  2. In the SSH session, you need to create the CSR file and the private key for your certificate. Enter the following command at the prompt:
    openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.key -out mywebsite.csr

    Note: Replace mywebsite with your real domain name. For example, if your domain name is, you must enter example.key and example.csr.

  3. Now it’s time to submit the required information about your company to the CA. Fill in the fields as shown below:
    • Country Name – enter the two-letter country code where your organization is officially registered. For the United States you’ll type “US”, for Canada “CA”. If you’re not sure about the abbreviation of your country, here you can find the full list of country codes.
    • State or Province – type the full name of the state or province where you’re legally doing business
    • City or Locality – again, provide the full name of the city where your company is located
    • Organization Name – if you bought a Domain Validation certificate, enter your full name. If you purchased Business or Extended Validation SSL, enter your organization’s legal name; for example, GPI Holding LLC
    • Organizational Unit Name – type “IT” or “Web Administration”. These departments are usually in charge of SSL management
    • Common Name – here you must enter the fully qualified domain name (FQDN) you want to protect; for example,

      Note: For a wildcard certificate, you must include an asterisk in front of your domain name; for example, * Do not add “https” or any other characters.

    • Email Address – provide a valid email address
    • A challenge password – this is an optional attribute. If you decide to create a password, write it down or make sure to remember it
    • An optional company name – this is another optional attribute. You can add your brand name, or leave the field blank.
  4. Well done! Your CSR and private key files are ready. You can find them in your working directory via the “ls” command.

Now, you can copy-paste the whole CSR content in a text editor, and send it to the CA during your order process. Depending on your SSL method, you should receive the SSL certificate within minutes, or in the next couple of days.
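
Steps 2 to 4 can also be run without the interactive prompts and checked before the CSR goes to the CA. The script below is an added example, not part of the original guide: it passes the step 3 answers through -subj, creates the private key readable by its owner only, and verifies the CSR's self-signature. The example.test domain and the subject values are constructed placeholders.

```shell
#!/bin/sh
# Added example. The domain and subject values are constructed placeholders.
set -eu

# make_csr DOMAIN OUTDIR: same "openssl req" call as step 2, with the step 3
# answers supplied through -subj instead of the interactive prompts.
make_csr() {
    (
        umask 077   # key and CSR are created readable by the owner only
        openssl req -new -newkey rsa:2048 -nodes \
            -keyout "$2/$1.key" -out "$2/$1.csr" \
            -subj "/C=US/ST=Example State/L=Example City/O=Example Org/OU=IT/CN=$1" \
            2>/dev/null
    )
}

# csr_is_valid FILE: succeed only if the CSR parses and its self-signature verifies.
csr_is_valid() {
    openssl req -in "$1" -noout -verify 2>&1 | grep -q 'verify OK'
}

# csr_subject FILE: print the subject so it can be compared with the order form.
csr_subject() {
    openssl req -in "$1" -noout -subject -nameopt RFC2253
}

# file_mode FILE: print the permission string of FILE, e.g. -rw-------
file_mode() {
    ls -l "$1" | cut -c1-10
}

# Demonstration in a throwaway directory that is removed on exit.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
make_csr example.test "$WORK"
csr_is_valid "$WORK/example.test.csr" && echo "CSR signature OK"
csr_subject "$WORK/example.test.csr"
echo "key permissions: $(file_mode "$WORK/example.test.key")"
```

Only the .csr file is sent to the CA; the .key file stays on the server.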

Install an SSL Certificate on Debian

  1. Once your SSL certificate has landed in your inbox, download the root certificate and intermediate certificate files, and save them to the Debian server, in a particular directory
  2. Now, you have to locate and edit the Apache configuration (.conf) file for your site. It usually resides in the /etc/apache2/sites-enabled/your_site_name directory. If it’s not there, enable the site via the sudo a2ensite your_site_name command.
  3. Pick a text editor of your choice and open the Apache .conf file.

    Note: To connect to your site through both HTTP and HTTPS, you need to create two separate files in the sites-enabled directory. The HTTP file will use port 80 to establish the connection, while the HTTPS one will perform the same action via port 443.

  4. In the .conf file, find the Virtual Host block. You need to edit it to make your website available only via HTTPS.
  5. By default, the Virtual Host block looks like this:
    <VirtualHost *:443>
        SSLEngine on
        SSLCertificateFile /path/to/yourdomain.crt
        SSLCertificateKeyFile /path/to/yourdomain.key
        SSLCertificateChainFile /path/to/
    </VirtualHost>

    You will adjust it to your own SSL certificate details:

      • SSLCertificateFile – provide the location (on your server) of your SSL certificate
      • SSLCertificateKeyFile – specify the location (on your server) of the private key file (you created the private key file along with the CSR code)
      • SSLCertificateChainFile – enter the location (on your server) of your intermediate certificate/ca-bundle file.

        Note 1: In the unlikely event that the SSLCertificateFile directive doesn’t work, try SSLCACertificateFile instead.

        Note 2: The ca-bundle file must contain the intermediate certificate (e.g. DigiCertCA.crt) followed by the root certificate (e.g. TrustedRoot.crt), in exactly this order.

  6. Inspect the newly configured Virtual Host block for potential typos and errors. If everything looks good, save the .conf file.
  7. Now, it’s time to add the final touches to your SSL installation. First, use the apachectl configtest command to scan for errors. If there’s an issue with the configuration, perform the installation steps again, from the very beginning. If there are no errors, move on to the final step.
  8. All that’s left is to restart the Apache server. Run the following commands: apachectl stop and apachectl start.

It’s done! You’ve successfully configured your SSL certificate on your Debian server. You can always check the state of your SSL installation with these excellent SSL tools.
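
A certificate that does not belong to the private key named in SSLCertificateKeyFile is a common cause of Apache failing to start at step 8, so it is worth checking the two files before the restart. The script below is an added example, not part of the original guide; site.crt, site.key and other.key are constructed throwaway files standing in for the CA-issued certificate and your private key.

```shell
#!/bin/sh
# Added example. All file names and the example.test subject are constructed.
set -eu

# cert_matches_key CERT KEY: succeed only if both files carry the same public key.
# Returns 2 when either file cannot be parsed, so a read error never counts as a match.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# cert_valid_for CERT SECONDS: succeed if CERT is still valid SECONDS from now.
cert_valid_for() {
    openssl x509 -in "$1" -noout -checkend "$2" >/dev/null 2>&1
}

# Demonstration: a 30-day self-signed certificate stands in for the issued one,
# and other.key is an unrelated key that must be rejected.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
(
    umask 077
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=example.test" \
        -keyout "$DEMO/site.key" -out "$DEMO/site.crt" 2>/dev/null
    openssl genrsa -out "$DEMO/other.key" 2048 2>/dev/null
)

if cert_matches_key "$DEMO/site.crt" "$DEMO/site.key"; then
    echo "site.crt and site.key belong together"
fi
if ! cert_matches_key "$DEMO/site.crt" "$DEMO/other.key"; then
    echo "site.crt and other.key do not match"
fi
if cert_valid_for "$DEMO/site.crt" 86400; then
    echo "site.crt is valid for at least one more day"
fi
```

Point the two functions at the paths used in SSLCertificateFile and SSLCertificateKeyFile, then run apachectl configtest as in step 7.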

Debian Server History and Versions:

Debian is one of the earliest operating systems built on the Linux kernel. First announced on August 16, 1993, by Ian Murdock, the Debian OS consists entirely of free software. The Debian Project, a non-profit organization, oversees the development and distribution of new Debian releases. One of Debian’s distinct features is access to over 51,000 software packages, making it the largest software collection.

Debian’s versions are classified in three branches: stable (final major releases), testing (preview of major releases) and unstable (used for development purposes). The first stable release of Debian occurred in 1996. We’ve compiled a list of all the major stable releases:

  • Debian 1.1 (Buzz) – released on 17 June 1996, it contained 474 packages
  • Debian 2.0 (Potato) – released on 24 July 1998, it contained over 1,500 packages
  • Debian 3.0 (Woody) – released on 19 July 2002, it contained roughly 8,500 packages
  • Debian 4.0 (Etch) – released on 8 April 2007, it contained about 18,000 packages
  • Debian 5.0 (Lenny) – released on 15 February 2009, it contained around 23,000 packages
  • Debian 6.0 (Squeeze) – released on 6 February 2011, it contained over 29,000 packages
  • Debian 7.0 (Wheezy) – released on 4 May 2013, it contained more than 36,000 packages
  • Debian 8 (Jessie) – released on 25-26 April 2015, it came with more than 43,000 packages
  • Debian 9 (Stretch) – released on 17 June 2017, it is the latest stable version and includes over 51,000 packages.

Where to buy an SSL Certificate for a Debian server?

The best place to buy an SSL Certificate for Debian is from SSL Dragon. We offer unbeatable prices, regular discounts and great deals on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to provide your website with bulletproof encryption. All our SSL certificates are compatible with Debian. Here are the types of SSL certificates we sell:

To help you pick the ideal SSL certificate, we built a couple of exclusive SSL tools. Our SSL Wizard takes care of your searching and recommends the best SSL deal for your online project. On the other hand, the Certificate Filter sorts and compares different SSL certificates by price, validation, and features.

If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.