If you require an SSL certificate for a website running on Apache and the website is externally facing, I would highly recommend you use Certbot - this will automatically renew the certificate with the Let's Encrypt certificate authority.
However, as in this example, sometimes we need to use a specific certificate authority on the Internet that doesn't support automated certificate renewal (that list will be quite short in today's technological age), or you need to generate a certificate from your internal certificate authority.
First, we need to understand what is required to get the certificate working: binding the SSL certificate and redirecting non-SSL traffic to the SSL website.
Generate Certificates
I accomplish this particular goal using Windows, as our certificate authorities run Windows, so it's easier to use the management console or DigiCert to generate the certificate.
If you are using the Windows management console, it will do the whole process for you: it generates the CSR from the information you give it, sends that to the server and then merges the response, so you get a complete certificate.
Note: If you use DigiCert or any other utility that gives you a CSR (certificate signing request), remember that the private key for that certificate remains on the server you generated it from, so you need to remember to export that CA response to the same server.
Copy over certificates
Site Certificate: /etc/ssl/certs/sitex.crt
Site Private Key: /etc/ssl/private/sitex.key
Certificate Authority's Certificate: /etc/ssl/certs/cachain.crt
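Before pointing Apache at these files, it is worth confirming that the CA response really belongs to the private key on this server, that it chains to the CA file, and how long it has left, since this certificate will not renew itself. The script below is an added example, not part of the original post; the function names and the throwaway test files it generates are assumptions made for illustration, and it assumes the openssl command line tool and an unencrypted private key.

```shell
#!/bin/sh
# Added example: pre-flight checks for a site certificate, private key and CA chain.
# Assumes the openssl CLI and an unencrypted private key.

# Succeeds only if the certificate carries the public key of this private key.
cert_matches_key() {   # usage: cert_matches_key CERT KEY
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Succeeds only if the site certificate chains to the CA file.
chain_verifies() {     # usage: chain_verifies CAFILE CERT
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
}

# Succeeds only if the certificate is still valid N days from now.
valid_for_days() {     # usage: valid_for_days CERT DAYS
    openssl x509 -in "$1" -noout -checkend "$(( $2 * 86400 ))" >/dev/null 2>&1
}

# Constructed sample data: a throwaway CA, a 30-day site certificate and
# an unrelated key, written to directory $1. Not real certificates.
make_constructed_files() {
    d=$1
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=Constructed CA" \
        -keyout "$d/ca.key" -out "$d/cachain.crt" 2>/dev/null &&
    openssl req -newkey rsa:2048 -nodes -subj "/CN=sitex.example.test" \
        -keyout "$d/sitex.key" -out "$d/sitex.csr" 2>/dev/null &&
    openssl x509 -req -in "$d/sitex.csr" -CA "$d/cachain.crt" -CAkey "$d/ca.key" \
        -CAcreateserial -days 30 -out "$d/sitex.crt" 2>/dev/null &&
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
}

# Demo run against the constructed files.
tmp=$(mktemp -d) && make_constructed_files "$tmp"
cert_matches_key "$tmp/sitex.crt" "$tmp/sitex.key" && echo "key matches certificate"
cert_matches_key "$tmp/sitex.crt" "$tmp/other.key" || echo "other.key does not match"
chain_verifies "$tmp/cachain.crt" "$tmp/sitex.crt" && echo "chain verifies"
valid_for_days "$tmp/sitex.crt" 7 && echo "valid for 7+ days"
valid_for_days "$tmp/sitex.crt" 60 || echo "expires within 60 days: renew"
rm -rf "$tmp"
```

On the server, call the same functions with the three paths listed above instead of the constructed files; a failed key match usually means the CA response was copied to a machine other than the one that generated the CSR.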
Enable SSL Module
a2enmod ssl
Create VirtualHosts HTTPS file
Note: This file is stored in /etc/apache2/sites-available and I have called it sitex-ssl.conf
<IfModule mod_ssl.c>
    <VirtualHost *:443>
        ServerAdmin skeletor@bythepowerofgreyskull.com
        ServerName bythepowerofgreyskull.com
        ServerAlias sitex.bythepowerofgreyskull.com
        DocumentRoot /var/www/html

        # Bind the site certificate, its private key and the CA chain
        SSLEngine on
        SSLCertificateFile /etc/ssl/certs/sitex.crt
        SSLCertificateKeyFile /etc/ssl/private/sitex.key
        # Obsolete since Apache 2.4.8, where the chain can instead be appended to SSLCertificateFile
        SSLCertificateChainFile /etc/ssl/certs/cachain.crt

        <Directory /var/www/html/>
            Options FollowSymlinks
            AllowOverride All
            Require all granted
        </Directory>

        # Expose the standard SSL environment variables to scripts
        <FilesMatch "\.(cgi|shtml|phtml|php)$">
            SSLOptions +StdEnvVars
        </FilesMatch>
        <Directory /usr/lib/cgi-bin>
            SSLOptions +StdEnvVars
        </Directory>

        LogLevel warn
        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/ssl_access.log combined
    </VirtualHost>
</IfModule>
Create VirtualHosts HTTP file
Note: This file is stored in /etc/apache2/sites-available and I have called it sitex-http.conf
<VirtualHost *:80>
    ServerAdmin skeletor@bythepowerofgreyskull.com
    ServerName bythepowerofgreyskull.com
    ServerAlias sitex.bythepowerofgreyskull.com
    DocumentRoot /var/www/html

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Enable site config
We now need to enable the configuration files we have just created like this:
a2ensite sitex-ssl.conf
a2ensite sitex-http.conf
Enable SSL Module
If you do this and you have no TCP:443 binding, that usually means you have not enabled SSL in Apache; to do so, use this command:
a2enmod ssl
Restart Apache to make the changes live and active with this:
systemctl reload apache2
Add redirect to HTTPS in the HTTP configuration file
Note: This file is stored in /etc/apache2/sites-available and I have called it sitex-http.conf; you need to add the Redirect line.
<VirtualHost *:80>
    ServerAdmin skeletor@bythepowerofgreyskull.com
    ServerName bythepowerofgreyskull.com
    ServerAlias sitex.bythepowerofgreyskull.com
    DocumentRoot /var/www/html

    # Added line: send all HTTP requests to the HTTPS site
    Redirect "/" "https://sitex.bythepowerofgreyskull.com/"

    LogLevel warn
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>