Install SSL/TLS for Apache on Ubuntu

Video Statistics and Information

Video
Captions Word Cloud
Reddit Comments
Captions
[Music] hi this is amar from ssltrust.com australia and in this video i will be showing you how you can successfully install an ssl certificate on your apache web server using the ubuntu command line interface so let's get started so this is the domain name that we're looking to secure and this is the domain that we've pointed to our server ip address and as you can see this is not yet secure and we're gonna make sure it is so you can do this for a single website hosted on a set on your server or multiple websites hosted on your server the only difference being is the location of the configuration files and the individual virtual host you'll have to create and configure them so in this video we've pointed this domain name to our ip address and this is a single website that we're going to be securing so the first thing that we're going to do is generate a private key and a csr for our certificate now a csr or a customer signing request is nothing but a request initiated by you the client to the certificate authority using your certificate which contains all necessary information such as the domain name any business details which are stored in a hashed form on the technical side it also contains the public key which will be signed by the certificate authority and returned to you in the issued certificate so this was a brief introduction to a csr and the private key you'll need to access your certificate so what we're going to do now is open your favorite uh ssh client we're going to be using solar party for this one and get root access to your server okay we're in the so the prerequisites for this video are that you update your server and install apache on it so it is recommended that you head down to the description of this video and open the written guide so that you'll find all the written commands there and you'll be able to install the certificate with ease so now what we're going to do is check the status of apache first system ctl status apache 2 so the apache web server is running and we're going to clear this up as you can see our domain name is being displayed let's point it to our server so we're good to go you need to make sure that openssl the openssl library is installed on your server so it comes pre-installed in the ubuntu operating system so you can check that by typing open ssl sorry open ssl and space version so if you get a open ssl version then we're good to go it's installed okay so the first thing that we're gonna do is create a directory to store all of our certificate files including our private key and csr now you do not need to create the directory with that exact name or you can use the default directories as specified by apache so to make the directory you can use this command and we're going to name our direct folder as encryption which will be in the edc directory and click on enter so we get to go we'll be storing all of our files in this folder and the command to generate a private key and a csr is sudo ssl so do not wait in case you can't follow me you can always find the written commands in the written description available below this video so click on that and you can follow through then sudo open ssl we're gonna request a new key which will be using the rsa2048 algorithm and this is the place where you specify the directory or the location you wanna save your private key in so let's type in the name of the directory we just created type on space and then uh type in name of your key let's call it server.key space out then the location you want to save your csr to the same and let's call it server.csr if now we can press enter type in okay our private key was successfully created and you need to input in a few details to validate you to like get your csr so the two data abbreviation for your country the name of your state or province the name of your city or town the name of your organization and the organization division for example i.t your domain name your email address you can leave this empty or create a password but make sure to remember it we're gonna just click on enter enter and we're good to go to view your csr you can either navigate to that folder wire cd navigate to the directory sorry or you can just type in the command cat and let's clear this screen up a bit cat and the location of that directory encryption and the name of your csr and this is your certificate sign request you have successfully generated one copy this from the very start to very end however your cursor and press on control c and you could go so you can now successfully order and configure your ssl certificate at your certificate provider or at the ssl plus configuration panel and i'm gonna show you just how to do that okay so we're here at ssltrust.com.eu and we're gonna move on to configure and purchase our certificate so it doesn't matter whether you're an individual a business or an organization because ssl trust has partnerships with all the leading certificate authorities and they provide certificates at a really great price along with great support so for the purpose of this video uh we're going to be going with the most uh the basic form of certificate so you can go on and purchase your certificate for example any kind of whether you need a business certificate a standard certificate an extended validation certificate so i'm going to show you just how to do that so you can click on the commodore positive ssl or the septic or positive ssl you can choose it for one year you can click on buy sell with in whatever country you want currency you want to purchase it and you can click on checkout this is going to cost you 10 bucks in here type in all your d to fill in all these details here and you can pay by either one of these methods and click on complete order once you've successfully purchased your ssl certificate you can head over to the dashboard and view your certificates here so now we're going to click submit our certificate configuration so make sure that you've copied your csr as we did and or save it in a notepad file as you wish depends on you so paste in your csr here and click on verify csr so if your details come up just about right and we're good to go then so server type we're going to choose apache and click on next step so type in all your details here your first name your last name etc your email address and if you are the admin and you have a technical individual doing this for you make sure to include here's a head here's your hair details here too or otherwise we're at the admin and we're installing the certificate so we're going to check this option and we're good to go click on next step so now comes the important part or domain control validation so you have one of three methods to verify the ownership of your domain name the first one is the email method and probably the easiest one you need to have one of these five uh email addresses webmaster there at your domain name.com or admin at yourdomain.com so once you choose this method and click on submit configuration you'll be sent an email by the certificate authority with a link and if you click on that and you should be done with verification and you'll be good to go you'll be like able to proceed easily and the next method is the http file method so in this method you need to navigate to this ready directory and create a file with this name and you need to input these contents into that file and upload them on your server so once you're done with that click on check file to check if this has been read by this server or not then it should be a few minutes until this has successfully been verified by the certificate authority which in this case is sactico and the third or the easiest method that we're going to use is the cname record validation method so you need to head over to your domain registrar and or your hosting provider depending on where your name servers are pointed and head over to dns records there and create a cname record with this ready name pointing to this extension so i'm going to show you just how to do that so our website our server is currently hosted on lynode so we're gonna copy the so we're gonna we've pointed the domain name service to the linold ones as you can see here so you we're gonna add a cname record here go to your dns settings uh depending on whatever domain or hosting provider you have so the host name is gonna be this click on copy and paste it the host name here and the pointing to address is going to be this control c and control v ttl is going to be default the time to load and click on save once you're done with that head back to your certificate configuration and click on check dns record here click on search so our dns record has not propagated yet it is going to take a few minutes up to a few hours depending on your dns service propagation speed but it should be done ideally within a few minutes one thing you can do is submit your configuration for now and our configuration was a success this is our order number and where our status is that we are awaiting validation click here to access the validation manager and this is the validation manager so once your cnn record is not automatically verified which should not be the case you could come back here click on this like check on the method of verification that you've chosen click on that and click on submit so it's done our dns record validation is it was super quick because thanks to lens name service so now you can or if you're lost you can head back to the dashboard again and click on your certificate this is showing this option right now but you will be seeing an option right here called access validation manager so if you ever lost if you cannot see this manager validation manager you can come back and click on the button here or you can keep uh coming back in and check your dns records so that was super quick as you can see it was like under a minute or something and we're good to go okay so now comes the important part which is the installation of our certificate on our server so we're gonna head over to the ssl trust dashboard and collect our certificate click on collect or download certificate and as you can see we have this certificate and intermediate certificate in text format so keep this page open head over to your ssh client again and what we're going to do now is all right we're going to create a new file the certificate file and paste this text content into that so to do that navigate to the directory you've created your or the default directory will win and save the certificate so in in our case it is sudo nano etc encryption and let's name our certificate certificate dot crt so what you're going to do now is come here copy a certificate to clipboard head over to client again and paste it here ctrl x and click on y so we've successfully pasted our certificate so let's do the same for our intermediate certificate now it's recommended that you install your intermediate certificate for improved compatibility with browsers to eliminate uh this is your best chance to eliminate secured extra security warnings that often pop up on websites so we're gonna do just that let's call it intermediate dot crt make sure spelling is good and click on enter get back to the ssl trust website copy intermediate certificate to your clipboard and paste it here ctrl x and save your buffer okay now that we have successfully uploaded our certificate files to our server we're going to move on to configure some ssl settings and enable our ssl certificates so what we're going to do now is create a new file sudo nano and the location is gonna be this so and i have to mention it again that if you're lost you can open the written guide in the next tab and follow with me let's call this file ssl params dot config and click on enter so to do this now you can copy and paste the default ssl parameters and we're going to do just that we have the ssl protocol set up here so click on copy and paste it here ctrl x and save this buffer so now that we've specified the default ssl parameters for the apache web server to follow we need to now update the default ssl configuration file to do that so let's create a backup first so that in case anything goes wrong the apache web server can revert back to that configuration to do that the command is sudo cp edc slash apache2 slash site available and default ssl dot config and let's back it up to slash adc slasher project two sites available and default ssl config dot back and once you're done with that we can now click on enter and we have successfully backed up our file so to change the default ssl configuration we're gonna navigate to the same folder again sudo nano atc patchy two sides available and default ssl dot config let's access this file so you do need to make a few changes here in order for the apache web server to successfully read your files and display them on the client side so what we're going to do now is scroll down at the document root let's add click on enter and add a server name here the server name make sure the snn capital server name is going to be your domain name.com and let's create a server alias so these are some of the changes that you need to make just type in www across your domain name before your domain name and click on enter and that is just about it and navigate to the ssl certificate file and specify the location so we know our location is edc that's encryption where our certificate file is and it's called certificate.crt okay and the private key if you remember is in this same folder so it's encryption on the same directory click on enter and you'll need to add the intermediate certificate for improved compatibility you can still exit but i recommend that you add it to minimize security warnings and improve compatibility with data latest browsers so the command for that is ssl this is capital certificate chain file and the path to that is the same and the encryption intermediate.crt and that's all the changes that you need to make so save the buffer click on yes enter and we're good to go so by adding the missing lines of code you can make sure that the sso configuration is followed by apache that this has these little configurations followed by apache so now what we're going to do now this is kind of optional but i recommend that you add https redirect if you want users landing on the http version of your site they will be automatically redirected to the https version so to do that uh this step is optional but uh most recommended for modern websites so sudo nano let's navigate to that directory apache do sites available and that's called triple zero default dot config so now what do you need to do now here is add the same server name and alias type in your domain name server alias www.youtube.com and now you're gonna scroll down and add a redirect so what we can do now is just about here that's good let's give ourselves some space and we're going to come here and let's type in the command redirect double quotes all redirect all uh non-https traffic or http traffic to https so double quotes again and the https version of your site https goldendoubleslash yourdomainname.com or your ip address whatever so that's it i think and add slash here so we've set up a redirect here now this is a temporary redirect but if you want this to be a permanent one you can just add a permanent here just let's go back and type in permanent here that's it we're doing a temporary direct for now so ctrl x and click on yes and we're good to go let me clear this up we need to enable the ssl module and the mod headers module so let me explain mod ssl so this uh the mod ssl module uh provides ssl v3 and tls version support for the apache http server it relies on openssl to provide strong cryptography by using additional environment variables so to do to do that we're going to type in sudo sudo a2 in enable module ssl so now that we're done with that type in let's enable the header module to sudo so sudo a2 enable module headers so don't activate don't restart the system just now we need to enable a few more things to enable our ssl parameters file you need to type in sudo a2 enable config and the location of the ssl params file as sometimes okay so the next thing that we need to do is enable the virtual host configuration which we created so according to the virtual host we created it was called default ssl and we modified it so we can type in command sudo a2 enable site and default dash ssl so the virtual host configuration will be enabled and now you can check the apache 2 configuration you can type in a command called sudo apache it to ctl config test and if you get this message as if we get the message syntax okay then it's all good and we're we can proceed further so now we can restart apache system ctl restart page it too and now we can proceed to check in on checking on our domain name to see if the ssl was installed type in https colon double slash your domain name.com and we're good to go the ssr the site is now super secure and we've successfully installed our certificate okay this is good sslabs.com and we're gonna test our service ssl configuration so type in your https colon double slash your domain name.com or you can copy and paste it and click on submit so let's wait for the result to come and we've got an a overall rating of a which is pretty good uh let me scroll down and check this out tls the older version of tlsr and ssl disabled which is good and if you get a rating of a it's pretty much uh really good and if you get anything lower than a you should try to uh this cut out the older measures of tls in the ssl parameters file which we just created thanks to our default ssr configuration file we've already done that so you don't need to worry about that you can find it in commands itself and this concludes our video hope you were easily able to install your ssl certificate on your server and if you like this video give it a thumbs up if you've got any questions type please type it in the comments below thanks thanks for watching bye
Info
Channel: SSLTrust
Views: 32,834
Rating: undefined out of 5
Keywords: apache, ubuntu, linux, domains, ssl, tls, install, howto, guide, help, instructions, certificate, hosting, secure, https, padlock, website, domain, https://
Id: zgUshTJa4sc
Channel Id: undefined
Length: 29min 43sec (1783 seconds)
Published: Wed Jun 09 2021
Related Videos
Note
Please note that this website is currently a work in progress! Lots of interesting data and statistics to come.