Installing an SSL certificate from a vendor

[aysiu]

Does anyone have a good tutorial for dummies on using commercial SSL certificates on a Ubuntu server?

I see a lot of tutorials for self-signed certificates, but not a lot for commercial ones.

I guess something like this, except for Ubuntu, instead of CentOS.

Thanks in advance!

[koenn]

as for a webserver, to run a https site? or more general than that ?

[aysiu]

Yes, for https

[sandyd]

Yes, for https

What server software and SSL Certificate provider
Some have intermediary certificates (e.x. Globalsign AlphaSSL) that you have to combine, depending on what webserver software you are using

[CharlesA]

What server software and SSL Certificate provider
Some have intermediary certificates (e.x. Globalsign AlphaSSL) that you have to combine, depending on what webserver software you are using

In addition to this, the CA I use offers some excellent instructions for both Apache and Nginx.
http://www.startssl.com/?app=20

But yeah, it would help to know what web server you are running and which CA (mine needs to have an intermediary cert added to the public one).

[aysiu]

Ubuntu Server 13.10 and Network Solutions. I don't really need a lot of hand-holding... just a solid tutorial you can link me to. Thanks!

[CharlesA]

Ubuntu Server 13.10 and Network Solutions. I don't really need a lot of hand-holding... just a solid tutorial you can link me to. Thanks!

Are you using Apache on this box?

If so they have some instructions here, but they are kinda lacking.

The procedure is similar to the link I posted above from startssl, but I find their documentation easier to understand.

check this page out too:
http://www.unixmen.com/install-apache-ssl-ubuntu-13-10/

[aysiu]

Unfortunately, neither of those works. I did check out the official Network Solutions instructions, but they didn't seem to work. The second link seems to be just a self-signed non-commercial certificate. Thanks, though.

[CharlesA]

What error were you getting when you tried using the official documentation?

[koenn]

Ubuntu Server 13.10 and Network Solutions. I don't really need a lot of hand-holding... just a solid tutorial you can link me to. Thanks!

I don't have a tutorial handy, but maybe you can write one afterwards
Essentially, it's the same as the tutorials you find about https with self-signed certs/private PKI, minus all the hasle to create the certificates. It's just that you have to know where the PKI stuff ends and the webserver config begins. I think that's your problem.

Mostly from memory so possibly incomplete but it'll get you started and there's bound to be people here who can fill in the gaps :

Asuming Ubuntu server and apache :

- enable apache ssl module

Code:

a2enmod ssl

- get certificates from a CA
- copy the certificates to your webserver.
where should you put them ? I've seen documentation that says /etc/ssl/certs and /etc/ssl/private or something, and other that says /etc/apache2/ssl
if you're just doing web, I'd go with /etc/apache2/ssl

- create a suitable virtual host definition, eg by editing /etc/apache2/sites-available/default-ssl
comment out or delete the part that references the certificates, and replace those with the paths and filenames of your certs (the ones you copied in the previous step)

Code:

        SSLCertificateFile    /etc/ssl/certs/ssl-cert-snakeoil.pem
        SSLCertificateKeyFile /etc/ssl/private/ssl-cert-snakeoil.key

This is the tricky part : depending on what certificates you got, you may also need to describe tho whole "chain of trust" with

Code:

SSLCertificateChainFile      /etc/ ... /some_intermediate_cert

It's likely the CA that supplied your certificates has more detailed instructions on this.
The Centos tutorial may be of help too - this is not going to differ significantly between distros, it's just a matter telling apache where to find the files


-enable the default https site (or the one you created) :

Code:

 a2ensite default-ssl

- restart apache

Code:

service apache2 restart

obviously, all of this is work for root, so you need to "sudo" all the commands.