The IT resource for this post was Ryan Walker, a Rackspace Hosting Linux Administrator.
The importance of Internet security cannot be overstated. More and more consumers are turning to the Internet for purchases—a goldmine of potential data waiting to be hacked. With SSL, private user information—such as credit card numbers—is scrambled before transmission and reassembled only with the proper decryption keys. Doing so not only secures sensitive customer information, but is also a step in the direction of proper compliance.
Installation of the certificate is relatively straightforward for Linux servers, whether they use a Plesk control panel or not. The following provides a step-by-step process for installing your new or updated SSL certificate in Linux.
(1) Log in to the Plesk Control Panel, select Domains, choose the domain to be updated, then select the Certificates section.
(2) Click the “Add New Certificate” icon.
(3) In the “Certificate Name” box, enter the name you would like the certificate saved as.
Note: It is helpful to choose a name that is easy to identify, such as the year of the certificate and the associated domain (e.g., 2011-www.my-domain.com).
(4) On your local computer, find the certificate and key files provided by your certificate authority. Open them with a text editor such as Notepad or gedit.
(5) Copy the entire contents of each file and paste them in the appropriate boxes in Plesk.
Note: Be sure to paste the contents of the files in the appropriate, corresponding boxes.
(6) Click “Send Text” when finished.
(7) Click “Setup” under the “Hosting” section of the domain screen. Choose the new certificate from the drop-down list and click “OK” when finished.
(1) Upload certificate and key files to the server using S/FTP.
(2) Log in to the server via SSH and become the root user using the “su -” command. Give the root password when prompted.
(3) Move the certificate file to /etc/httpd/conf/ssl.crt
(4) Move the key file to /etc/httpd/conf/ssl.key
Note: When trying to move the files, the ssl.crt and/or ssl.key directory may not exist, so you will need to create those first with a mkdir command.
(5) You’ll want to ensure security of the files by restricting permission for the key using chmod 0400.
(6) Edit the VirtualHost configuration for the domain. This is usually found in /etc/httpd/conf.d/ssl.conf
Note: Set the SSLCertificateFile and SSLCertificateKeyFile directives so they point to the actual certificate and key files you moved in steps 3 and 4.
(7) Finally, gracefully restart Apache to load the new configuration.
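As an added example (not part of the original post), the shell script below checks the result of steps 3 to 6: that the files named in ssl.conf exist, that the key is mode 0400, and that the key belongs to the certificate. The function names are hypothetical, and it assumes the first uncommented SSLCertificateFile and SSLCertificateKeyFile lines in the file are the ones for your domain and that the key is not passphrase-protected.

```shell
#!/bin/sh
# Added example: verify the manual (non-Plesk) install described above.
# Helper names are hypothetical. Usage: sh check_ssl.sh /etc/httpd/conf.d/ssl.conf

# Print the value of the first uncommented directive $2 found in file $1.
directive_value() {
    awk -v d="$2" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$1"
}

# Succeed only if the key file's mode is exactly 0400 (owner read, nothing else).
key_mode_ok() {
    [ "$(ls -ld "$1" | cut -c2-10)" = "r--------" ]
}

# Succeed only if certificate $1 and private key $2 hold the same public key.
key_matches_cert() {
    cert_pub=$(openssl x509 -noout -pubkey -in "$1" 2>/dev/null) || return 1
    key_pub=$(openssl pkey -pubout -in "$2" 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Check the files named in the config file $1. Returns the number of problems.
check_ssl_install() {
    conf=$1 problems=0
    cert=$(directive_value "$conf" SSLCertificateFile)
    key=$(directive_value "$conf" SSLCertificateKeyFile)
    for f in "$cert" "$key"; do
        if [ -z "$f" ] || [ ! -f "$f" ]; then
            echo "directive missing or file not found: ${f:-<unset>}"
            problems=$((problems + 1))
        fi
    done
    if [ -f "$key" ] && ! key_mode_ok "$key"; then
        echo "private key is not mode 0400: $key"
        problems=$((problems + 1))
    fi
    if [ -f "$cert" ] && [ -f "$key" ] && ! key_matches_cert "$cert" "$key"; then
        echo "private key does not match certificate (or openssl is unavailable)"
        problems=$((problems + 1))
    fi
    return "$problems"
}

# Run the check when a config path is given on the command line.
[ "$#" -eq 0 ] || check_ssl_install "$1"
```

Run it as root before the graceful restart in step 7; the exit status is the number of problems found, so 0 means the install looks consistent.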
Great article! Here are a few extra tips:
1) Some distros by default still generate 1024-bit keys, which as of early Jan 2011 are not accepted by any Certificate Authority (CA) like Verisign or Godaddy. These are no longer secure. When you generate your CSR (certificate signing request), make sure you generate one with a 2048-bit key or larger.
2) On Ubuntu, the apache directory is “apache2,” not httpd. Otherwise the cert install directions should be pretty much the same.