Godaddy is probably the cheapest SSL certificate provide on the web with their root CA present in all the major browsers. I was able to pick up a 12 month SSL certificate for only $12.99 (~£10.00 inc VAT) by following the link HERE
Now on to the good stuff.
- Webserver: Ubuntu 8.04 LTS
- Apache2 with http.conf: /etc/apache2/http.conf
First we need to generate a ‘key’ file that tells our server apart from other servers. You should have openssl installed on your machine, if not, simply type in
sudo apt-get install openssl
Then change to the directory to the place you would like to store everything. In my case, I chose:
mkdir /etc/apache2/ssl kdir /etc/apache2/ssl/certs mkdir /etc/apache2/ssl/private cd /etc/apache2/ssl/private openssl genrsa -out websitename.key 2048
This will spit out a key for our server to create the CSR which is what we need to send to send to Godaddy in order to get the required files to finish the setup. Next we generate a CSR (so in the same directory):
openssl req -new -key websitename.key -out websitename.csr
When filling out the CSR via the terminal it will ask you for several things(Country Name, State or Province, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address, and Password) Some of these are optional, but make sure that under Common Name you put your website url (website.com).
Now, we need the contents of this CSR to give to godaddy.
Copy the text and paste it into Godaddy’s CSR pane. Make sure you keep the —Begin— and —End— stuff or else godaddy will reject it. I also chose the Starfield Technologies certificate just because it sounded cooler than Godaddy. Once accepted, you would then download the certificate.
Click on the common name [yourwebsite] then on download. Select Apache server type. This will give you a zip file with two files in it. You need to copy the website.crt to /etc/apache2/ssl/certs and the sf_bundle.crt to /etc/apache2/ssl I used a program called WinSCP to drag and drop these files in there via ssh.
Folder Layout > /etc/apache2/ssl/ -certs |__ website.crt -private |__ website.key |__ website.csr (Can be deleted) -sf_bundle.crt
We need to edit our http.conf file to make sure that we have a valid path for the SSL. Here is my Vhost listing for the ssl. As you can see I have added a few extra things to make it play nice. I turned on SSLEngine and included the files for it to work properly. Feel free to copy and paste with minor changes.
<VirtualHost *:443> ServerName example.com ServerAlias example.com SSLEngine on SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire SSLCertificateFile /etc/apache2/ssl/certs/website.crt SSLCertificateKeyFile /etc/apache2/ssl/private/website.key SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt DocumentRoot /var/www/www.website.com/htdocs </VirtualHost>
Now when you restart apache: