SSL stands for Secure Sockets Layer. In short, it’s the standard technology for keeping an internet connection secure and safeguarding any sensitive data sent between two systems, preventing criminals from reading or modifying the information transferred, including potential personal details. The two systems can be a server and a client (for example, a shopping website and a browser) or two servers (for example, an application with personally identifiable information or with payroll information).
HTTPS (Hyper Text Transfer Protocol Secure) appears in the URL when a website is secured by an SSL certificate. The details of the certificate, including the issuing authority and the corporate name of the website owner, can be viewed by clicking on the lock symbol on the browser bar.
Why do Websites need an SSL Certificate?
A website needs an SSL certificate in order to keep user data secure, verify ownership of the website, prevent attackers from creating a fake version of the site, and gain user trust.
Encryption: SSL/TLS encryption is possible because of the public-private key pairing that SSL certificates facilitate. Clients (such as web browsers) get the public key necessary to open a TLS connection from a server’s SSL certificate.
Authentication: SSL certificates verify that a client is talking to the correct server that actually owns the domain. This helps prevent domain spoofing and other kinds of attacks.
HTTPS: Most crucially for businesses, an SSL certificate is necessary for an HTTPS web address. HTTPS is the secure form of HTTP, and HTTPS websites are websites that have their traffic encrypted by SSL/TLS.
In addition to securing user data in transit, HTTPS makes sites more trustworthy from a user’s perspective. Many users won’t notice the difference between an http:// and an https:// web address, but most browsers tag HTTP sites as “not secure” in noticeable ways, attempting to provide incentive for switching to HTTPS and increasing security.
Installation of SSL Certificate
Firstly, enable the mod_ssl and mod_headers modules:
sudo a2enmod ssl
sudo a2enmod headers
Now copy the certificate files to your server
You need to copy the following files:
- Certificate file
- Key file
- Bundle file
Find the Apache configuration file you need to edit
The location and name of the configuration file can vary from server to server, especially if you’re using a special interface to manage your server configuration.
On an Ubuntu server with Apache2, the main configuration file for your SSL/TLS site is typically found in /etc/apache2/sites-enabled/your_site_name.
If it’s not found in the ‘sites-enabled’ directory, run the command below.
sudo a2ensite your_site_name
Add a <VirtualHost> block for the HTTP site:
<VirtualHost *:80>
    ServerName yourdomain.com
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/yourdomain
    <Directory /var/www/yourdomain>
        Options Indexes FollowSymLinks MultiViews
        AllowOverride All
        Require all granted
    </Directory>
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log combined
</VirtualHost>
Then add the code below to enable SSL on the website:
<VirtualHost *:443>
    DocumentRoot /var/www/yourdomain
    ServerName yourdomain.com
    SSLEngine on
    SSLCertificateFile /var/www/path_to_certificate
    SSLCertificateKeyFile /var/www/path_to_key
    SSLCertificateChainFile /var/www/path_to_bundle
</VirtualHost>
Make sure to adjust the file names to match your certificate files.
- SSLCertificateFile is your DigiCert certificate file (e.g., your_domain_name.crt).
- SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
- SSLCertificateChainFile is the DigiCert intermediate certificate file (e.g., DigiCertCA.crt).
Test your Apache2 configuration
sudo apachectl configtest
If everything is OK, you can restart the Apache server.
If there is an error, check the log file to identify the issue. Common causes include a wrong file path or name, or a bundle that does not match the certificate.
sudo systemctl restart apache2
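The file path and file name errors mentioned above can be caught before the restart. The script below is an added example, not part of the original article: it reads the SSL directives from a vhost file and checks that each referenced file exists, that the private key is not accessible to group or other, that the key does not sit inside DocumentRoot, and (when the openssl command is installed) that the key belongs to the certificate. The function names are hypothetical, and it assumes one <VirtualHost *:443> block per file.

```shell
#!/bin/sh
# Added example: pre-flight check of the SSL files a vhost file references.
# Assumes one <VirtualHost *:443> block per file; run as root so the key is readable.

# Print the first value of directive $1 in config file $2 (quotes stripped).
vhost_directive() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# Succeed only if certificate $1 and private key $2 carry the same public key.
cert_matches_key() {
    c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
    [ -n "$c" ] && [ "$c" = "$k" ]
}

# Report problems with vhost file $1; exit status 0 means none were found.
check_ssl_vhost() {
    conf=$1; problems=0
    crt=$(vhost_directive SSLCertificateFile "$conf")
    key=$(vhost_directive SSLCertificateKeyFile "$conf")
    root=$(vhost_directive DocumentRoot "$conf")
    for d in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        path=$(vhost_directive "$d" "$conf")
        if [ -z "$path" ] || [ ! -f "$path" ]; then
            echo "MISSING $d -> ${path:-<not set>}"; problems=$((problems + 1))
        fi
    done
    if [ -f "$key" ]; then
        # Characters 5-10 of `ls -l` output are the group/other permission bits.
        if [ "$(ls -ldL "$key" | cut -c5-10)" != "------" ]; then
            echo "PERMS $key is accessible to group or other"; problems=$((problems + 1))
        fi
        # A key below DocumentRoot may be served over HTTP like any other file.
        case "$key" in "${root:-/nonexistent}"/*)
            echo "DOCROOT $key is inside DocumentRoot $root"; problems=$((problems + 1)) ;;
        esac
        if [ -f "$crt" ] && command -v openssl >/dev/null 2>&1 &&
           ! cert_matches_key "$crt" "$key"; then
            echo "MISMATCH $key is not the private key for $crt"; problems=$((problems + 1))
        fi
    fi
    [ "$problems" -eq 0 ]
}

# Usage: check_ssl_vhost /etc/apache2/sites-enabled/your_site_name && sudo apachectl configtest
```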
Test the SSL on browser by visiting your site with the secure https URL (i.e., go to https://www.example.com not http://www.example.com).
For best results, make sure to close your web browser first and then re-launch it.
Be sure to test your site with more than just Internet Explorer. IE downloads missing intermediate certificates, whereas other browsers give an error if all the certificates in the certificate chain aren’t installed properly.