How to Install SSL Certificate on Linux

Installing an SSL certificate on a Linux server is a crucial step for securing your website. Below are the steps to install an SSL certificate on a Linux server using OpenSSL.

Prerequisites

• A Linux server with Apache or Nginx installed.
• Root access to the server.
• SSL certificate and private key files.

Steps

1. Generate a CSR (Certificate Signing Request):

   For Apache, use the following command to generate a CSR:

   openssl req -new -newkey rsa:2048 -nodes -keyout domain.key -out domain.csr
   

   For Nginx, use the following command:

   openssl req -new -newkey rsa:2048 -nodes -keyout /etc/nginx/ssl/nginx.key -out /etc/nginx/ssl/nginx.csr
   

   Fill in the required details for your organization and domain.

2. Submit the CSR to a Certificate Authority (CA):

   Once you have the CSR, submit it to a CA to obtain an SSL certificate. After the CA verifies your domain and organization, they will provide you with the SSL certificate and private key files.

3. Install the SSL Certificate:

   • For Apache, copy the SSL certificate and private key to the appropriate directories:

     cp domain.crt /etc/httpd/ssl/
     cp domain.key /etc/httpd/ssl/
     

     Then, edit the Apache configuration file (httpd.conf) and add the following lines:

     SSLEngine on
     SSLCertificateFile /etc/httpd/ssl/domain.crt
     SSLCertificateKeyFile /etc/httpd/ssl/domain.key
     

   • For Nginx, copy the SSL certificate and private key to the appropriate directories:

     cp domain.crt /etc/nginx/ssl/
     cp domain.key /etc/nginx/ssl/
     

     Then, edit the Nginx configuration file (nginx.conf) and add the following lines:

     server {
         listen 443 ssl;
         ssl_certificate /etc/nginx/ssl/domain.crt;
         ssl_certificate_key /etc/nginx/ssl/domain.key;
         ...
     }
     

4. Restart the Server:

   After installing the SSL certificate, restart your web server to apply the changes.

   • For Apache, use the following command:

     sudo systemctl restart httpd
     

   • For Nginx, use the following command:

     sudo systemctl restart nginx
     

5. Verify the SSL Certificate:

   You can use online tools like SSL Labs' SSL Server Test to verify that your SSL certificate is installed correctly.

   https://www.ssllabs.com/ssltest/analyze.html?host=yourdomain.com
   

   If everything is configured correctly, you should see a "Grade A" or "Grade A+" rating.

For more detailed information on installing SSL certificates on Linux, visit our SSL Certificate Installation Guide.

SSL Certificate