How To Install Ssl Certificate In Ubuntu 14.04

seven mins read

This guide traces our journey from HTTP to HTTPS site on AWS. At that place were two reasons for the motion. The commencement was the supposed SEO pickup that occurs when yous switch from HTTP to HTTPS. The second reason was the desire to provide a more secure environment to our mobile and responsive theme users. We had received some reports of session hijacking on infected smartphones and we felt that it was time that we switched from HTTP to HTTPS.

Our effort started with a quick Google search on installing SSL certificates on Amazon Web Services. The search results were somewhat helpful only not enough to help me figure out what I needed to exercise. Amazon Web Services documentation is hideously complicated. All I desire to know is if I have a single self-managed example with Apache on an Ubuntu server, how do I set SSL? Considering the heartache /headache I had to get through to get this done I thought it would aid to share this with others.

A few recommendations.

a) Nosotros fabricated the move over four weekends period. Once you figure out the process the movement itself is painless but we wanted to ensure that if a motion related outage occurred it would take minimal traffic impact.  Nosotros started planning in mid March with the switch finally taking place in tardily April.

b) In the first two weeks, we noticed a meaning alter in traffic signatures. Time on site, bounciness rates and page views per session all shot up.  But and then slid back to significantly lower levels compared to our pre-transition benchmarks. This may exist because of a google update that hit united states of america end of Apr, early May but nosotros are not certain.  Our article posting frequency mail service may too have had an impact on the drop in traffic.

c) The HTTP to https transitions kills your original Quantcast implementation. Some tweaking is required to bring it back. You will also observe a steep drib in your Google Webmaster dashboard but that is considering y'all are still tracking the former HTTP site. Y'all demand to add a new belongings and resubmit your new sitemap with https links to rails your new traffic results on webmaster.  Google analytics works the same so there is no issue there.

d) Server and page speed impact was significant in both absolute and percentage terms (roughly 30% slower) but non really noticeable at a user level. We went from 70 ms to 90 ms on server response and from 2 secs to iii secs on page load speeds post the move.

Below are the steps to install SSL certificates if:

1. You are using a cocky managed instance on Amazon Web Services
2. Operating Arrangement – Ubuntu 14.04
3. Webserver – Apache
4. Follows the Ubuntu/Debian layout of Apache files
5. Your website uses WordPress
6. Use a Mac with Terminal

Pace 1 – Check if your AWS instance has OpenSSL installed

Yous will starting time have to cheque if OpenSSL is installed on your AWS server. By default, information technology is always installed still to confirm, type in the following command in your Terminal window:

The results volition evidence the post-obit:

Packet: openssl
Status: install ok installed
Version: 1.0.1f-1ubuntu2.19

Step two — Activate the SSL Module

SSL support comes equally standard in the Ubuntu xiv.04 Apache package, however; y'all will need to enable information technology. To enable the module, run the command:

After yous have enabled SSL, you volition demand to restart the server for the change to come into result and handle SSL. Run the following command:

sudo service apache2 restart

Step three – Generate a Certificate Signing Request (CSR) for your server and Private Key

A CSR or Document Signing asking is a block of encrypted text that is generated on the server that the certificate will be used on. It contains information that volition exist included in your certificate.

Start, create a subdirectory in which you will place the individual fundamental and the CSR file. Run the post-obit command:

sudo mkdir /etc/apache2/ssl

Now from this directory, run the following command to generate a private key and a public Certificate Signing Request (CSR) for the webserver:

openssl req -nodes -newkey rsa:2048 -keyout myserver.key -out server.csr

Please annotation: for ease of utilise, it is recommended that yous replace 'server' with the domain proper noun the certificate will be issued for and similarly do that for the 'myserver' in the fundamental file as well.

At present enter the details for your CSR:

Land Name (2 letter of the alphabet lawmaking) [AU]: GB
State or Province Name (full proper noun) [Some-State]: Surrey
Locality Proper name (eg, city) []: London
Organization Name (eg, company) [Internet Widgits Pty Ltd]: Company Name Pvt Ltd
Organizational Unit Proper noun (eg, section) []: It Department
Mutual Name (eg, YOUR proper noun) []: yourdomain.com
Email Address []:[electronic mail protected]
A claiming password []:
An optional company proper noun []:

Item	Explanation
Country	Ii-alphabetic character ISO code for the state where your organisation is located
State or Province Name	State/region where your organisation is located
Locality Name	City where your organisation is located
System Name	Full legal proper name of your arrangement
Organizational Unit Proper noun	Division of your organization handling the document
Common Name  (server FQDN)	Fully qualified domain proper name (FQDN) of your server
Email accost	An email accost used to contact your system

The primal and certificate will be created and placed in your /etc/apache2/ssl directory. The fields email address, optional company name and challenge countersign can exist left bare. If yous enter '.', the field will be left blank.

The above command will create 2 files.

The myserver.key file is the Private Fundamental, that volition be used for decryption of the SSL/TLS session between a server and a client. It looks like the following if you open the file in a text editor:

—–BEGIN PRIVATE KEY—–
3v9zk……………………… dLxa/southward=
—–END PRIVATE Cardinal—–

Do not share this file and ensure that you accept a backup of the private key every bit information technology is will be incommunicable to install the document without it on the server afterward.

The server.csr file contains the CSR code that you will need to submit during the certificate activation process. The CSR volition look like the following if you open the file in a text editor:

—–Brainstorm CERTIFICATE REQUEST—–
MIIByjCCATMCAQAwgYkxCzAJBgNVBAYTAlVTMRMwEQYDVQQIEwpDYWxpZm9ybmlh
….
—–Cease CERTIFICATE REQUEST—–

Footstep four – Buy or get a trial SSL Document

You lot can either buy an SSL certificate or endeavour out ones that are bachelor for a 90-day trial period. For my own testing purposes, I used Comodo's Free SSL Certificate.

In one case you have generated the CSR, y'all will need to provide it to the certificate authority to issue the SSL document. Earlier the certificate authority issues the SSL certificate, it will demand to validate domain control i.e. that you command the domain for which the certificate is beingness requested. The domain control validation tin can happen in one of 3 ways:

1. Electronic mail based validation

Select the e-mail recipient i.e. the registrar of the domain or the administrative contact of the domain i.east.. webmaster/[e-mail protected].  An e-mail volition be sent to the administrative contact containing a unique validation code and link. Click the link and enter the code to confirm domain command.

2. DNS CNAME based validation

If y'all select this option, and then Comodo will provide you with the hash values which must be entered equally a DNS CNAME record for your domain.

The hashes are to be entered equally follows:

<Value of MD5 hash of CSR>.yourdomain.com. CNAME <value of SHA1 hash of CSR>.comodoca.com.

3. HTTP based validation

If you select this option, so Comodo will provide you a manifestly-text file which needs to exist placed in the root of yourdomain's directory under the binder ".well-known" in sub folder "pki-validation". Please note: the folder proper name is ".well-known". if y'all miss out the dot in front of well-known your validation volition not exist successful.

The file and its content should be as follows:
http://yourdomain.com/.well-known/pki-validation/<Upper case value of MD5 hash of CSR>.txt

On confirmation of domain command, the document authority will issue your SSL document. The SSL certificate will be provided as a zippo file which volition contain the following 2 files:

• ca-bundle
• crt

Y'all demand to copy these files to the directory on your server where you will keep your document and key files past using a FTP program, in our case /etc/apache2/ssl.

Step 5 – Install the SSL Certificate on your webserver

Copy your SSL certificate file (www_yourdomain_com.crt) and the certificate bundle file (www_yourdomain_com.ca-bundle) to your Apache server. Your individual central file should already be on the server from when you generated your certificate request (CSR) at the location /etc/apache2/ssl.

Create 2 additional directories in /etc/apache2/ssl:

sudo mkdir /etc/ssl/certs

1. cardinal – this is where you will store the Private key
2. certs – this is where you will store the .ca-bundle and .crt files received from the certificate authority

Place the files in the respective locations.

Step 6 — Configure Apache to use SSL

Now that you have the certificate and central available on the webserver, let'due south configure Apache to use these files in a virtual host file.

Go to the following location – /etc/apache2/sites-available/ and open the file default-ssl.conf by typing the command:

sudo nano /etc/apache2/sites-available/default-ssl.conf

Without the comments, the file looks like this:

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin [e-mail protected]
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/mistake.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/ssl-cert-snakeoil.pem
SSLCertificateKeyFile /etc/ssl/individual/ssl-cert-snakeoil.cardinal
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars        </FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
BrowserMatch "MSIE [ii-six]"
\ nokeepalive ssl-unclean-shutdown
\ downgrade-ane.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
</IfModule>

We will configure for a virtual host (ServerAdmin, ServerName, ServerAlias, DocumentRoot, etc.) equally well as change the location of where Apache looks for the SSL certificate and primal.

Add together the following item in the file right after "ServerAdmin":

1. ServerName yourdomain.com

Change simply the following items in the file:

1. ServerAdmin [email protected]
2. ServerAlias yourdomain.com
3. DocumentRoot /var/world wide web/yourdomain/
4. SSLEngine on
5. SSLCertificateFile /etc/ssl/ssl.certs/www_yourdomain_com.crt
6. SSLCertificateKeyFile /etc/ssl/ssl.primal/myserver.key
7. SSLCertificateChainFile /etc/ssl/ssl.cert/www_yourdomain_com.ca-bundle

Press Control + 10 so select 'Y' to save your changes.

Step 7 — Activate the SSL Virtual Host

Now that we have configured the SSL-enabled virtual host, we demand to enable it.

Run the following command:

sudo a2ensite default-ssl.conf

You will need to restart the server for the changes to come into effect. Run the following command:

sudo service apache2 restart

This should enable your new virtual host, which will serve encrypted content using the SSL document you created.

Step 8 — Test that yous have set upwardly SSL correctly

Test that your SSL certificate has been correctly installed by going to the following site and entering your URL.

https://www.sslshopper.com/ssl-checker.html

Step 9 – Install the plugin "Really SIMPLE SSL"

The plugin automatically detects your settings and configures your website. Just install the plugin and voila y'all are washed! The site URL and home URL will exist changed to https and all your content http:// urls will be replaced with the https:// urls.

Congratulations … yous have now successfully installed SSL on AWS instance.

Useful links

1. https://world wide web.digitalocean.com/community/tutorials/how-to-create-a-ssl-document-on-apache-for-ubuntu-xiv-04
2. https://www.digicert.com/ssl-certificate-installation-apache.htm
3. https://www.namecheap.com/back up/knowledgebase/commodity.aspx/794/67/how-practice-i-activate-an-ssl-certificate
4. https://www.sslshopper.com/ssl-checker.html
5. https://wordpress.org/plugins/actually-simple-ssl/

Crypto Risk Review

We use this same framework in our monthly issue of adventure assay of popular cryptocurrencies. If you're interested in learning more, contact us or click hither to access the latest issue now.

Source: https://financetrainingcourse.com/education/2016/06/ssl-certificate-install-aws-guide-apache-ubuntu-14-04/

Posted by: richardsonwinget1952.blogspot.com

Share this post