In the first part of this tutorial, you will learn how to generate a CSR code for an Ubuntu server, and how to install an SSL certificate on Ubuntu server using Apache. The later paragraphs include a brief history of Ubuntu and recommendations on where to buy an SSL certificate for an Ubuntu Server.
We also recorded a video that walks you through the entire process. You can watch the video, or read the instructions, or do both. You can watch the video below.
How to Generate a CSR code in Ubuntu?
We’ll begin with CSR code generation. CSR stands for Certificate Signing Request, and it’s the standard application message you must send to the Certificate Authority to apply for a digital certificate. On Ubuntu based Apache server you can create the CSR via the secure shell (SSH) protocol.
- Use the SSH command to log into your server
- At the prompt enter the following command to create the private key and CSR files:
openssl req -new -newkey rsa:2048 -nodes -keyout mydomain.key -out mydomain.csr
- Don’t forget to replace mydomain with your actual domain name. For example, if your domain name is example.com, you must type example.key and example.csr
- Now, you need to provide up to date details about your company to the CA. Follow the examples below:
- Country Name – enter the two-letter code of the country where your business is legally registered, i.e. “US” if you’re located in the United States. Here you can find the full list of country codes.
- State or Province – submit the full name of the state or province where your company is registered
- City or Locality – submit the full name of the city where your organization is registered
- Organization Name – For Business Validation and Extended Validation certificates, enter your organization’s legal name (e.g. GPI Holding LLC). For Domain Validation certificates, type your full name
- Organizational Unit Name – Usually it’s the department responsible for SSL management. For example, “IT” or “Web Administration”
- Common Name – enter the FQDN (fully qualified domain name) you want to secure, for example, ssldragon.com.
Note: If you’ve bought a wildcard certificate, add an asterisk in front of your domain name, but don’t include https or any other characters; for example, *.ssldragon.com
- Email Address – enter a valid email address
- A challenge password – this extra attribute is optional and NOT recommended. If you want, you may create a password to further secure your SSL certificate, however, please keep in mind that a CSR with a challenge password will be rejected by the Certificate Authority.
- An optional company name – this field is self-explanatory. You may add an optional name for your company
- Congratulation! You’ve successfully created the CSR key. The newly generated files are yourdomain.csr, and yourdomain.key. You can use the “ls” command to find them in your working directory. Open a text editor such as Notepad to copy the CSR file and submit to the CA during your order process.
Install an SSL Certificate on Ubuntu
- Once you’ve completed the validation process, the Certificate Authority will send the SSL certificate files via email. Download the intermediate certificate and root certificate, and upload them to the Ubuntu server, in a specific directory.
- Now, you need to edit the Apache.config file. Its usual location is in /etc/apache2/sites-enabled/your_site_name. If you don’t find it there, run the following command:
sudo a2ensite your_site_name
- Open the Apache.config file with a text editor of your choice.
Note: To access your site via both HTTP and HTTPS protocols, you have to separate two different files in the sites-enabled folder. The HTTP file is for port 80, while the HTTPS one for port 443.
- Your next step is to configure the Virtual Host block. This action will make your site accessible only via the secure HTTPS protocol. Your default Virtual Host block contains the following lines of code:
<VirtualHost *:443>Adjust the Virtual Host block according to your SSL certificate details:
- In the SSLCertificate File parameter update the location of your SSL certificate file
- In the SSLCertificateKeyFile parameter, enter the location of the private key file you created during the CSR generation.
- In the SSLCertificateChainFile parameter, provide the location of the intermediate certificate file
Note: If the SSLCertificateFile directive doesn’t work, use the SSLCACertificateFile instead.
- Double-check the Virtual Host block, and save the .config file
- Run the
apachectlConfigtestcommand to test your new .config file for potential errors. If something is wrong with your configuration, you may need to go back and repeat the previous installation steps. If it works correctly, continue with the final step
- Use the
apachectl startcommands to restart the Apache.
Congratulations! You have successfully installed your SSL certificate on your Ubuntu server. To further test your SSL installation, and receive instant status reports, use these highly recommended SSL tools.
Ubuntu Server History and Versions
Ubuntu, (pronounced oo-boon-too) is a free and open source operating system and Linux distribution created from the Debian codebase. The first official release was on October 20, 2004. Today, Ubuntu is available in three official releases and more than 55 languages: Ubuntu desktop (personal computers), Ubuntu Server (servers and cloud), and Ubuntu Core (Internet of Things, devices and robots).
The word “Ubuntu” comes from the Zulu/Xhosa languages and literally means “human-ness” which can also be translated as “humanity”, “I am because we are”, and “humanity towards others”. The Ubuntu OS is named after the South African philosophy of Ubuntu or Ubuntuism.
Since its first release, Ubuntu has grown into a stable and secure platform with millions of users around the world. The company behind Ubuntu, Canonical Ltd, provides regular releases of Ubuntu every six months, and long-term support releases (LTS) every two years. Each release has its own, alternative code name that consists of an adjective and an animal. Below you can find a log of all the Ubuntu versions:
- Ubuntu 14.04 LTS – code-named Trusty Thar (supported until 2019-04)
- Ubuntu 14.10 – code-named Utopic Unicorn (no longer supported)
- Ubuntu 15.04 – code-named Vivid Vervet (no longer supported)
- Ubuntu 15.10 – code-named Willy Werewolf (no longer supported)
- Ubuntu 16.04 LTS – code-named Xenial Xerus (supported until 2021-04)
- Ubuntu 16.10 – code-named Yakkety Yak (no longer supported)
- Ubuntu 17.04 – code-named Zesty Zapus (no longer supported)
- Ubuntu 17.10 – code-named Artful Aardvak (no longer supported)
- Ubuntu 18.04 LTS – code-named Bionic Beaver (supported until 2023-04)
Where to buy an SSL Certificate for Ubuntu Server?
SSL dragon is your one-stop place for all your SSL needs. We offer the lowest prices on the market for the entire range of our SSL products. We’ve partnered with the best SSL brands in the industry to offer you high-end SSL security and dedicated support. All our SSL certificates are compatible with Ubuntu servers. Here are the SSL certificate types you can buy from us:
- Domain Validation
- Business Validation
- Extended Validation
- Code Signing
- IP Address
To help you select the perfect SSL certificate, we created a couple of handy SSL tools. Our SSL Wizard can recommend the best SSL deal for your online project, while the Certificate Filter, can help you sort and compare different SSL certificates by price, validation, and features.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.