Godaddy is probably the cheapest SSL certificate provide on the web with their root CA present in all the major browsers. I was able to pick up a 12 month SSL certificate for only $12.99 (~£10.00 inc VAT) by following the link HERE
Now on to the good stuff.
- Webserver: Ubuntu 8.04 LTS
- Apache2 with http.conf: /etc/apache2/http.conf
First we need to generate a ‘key’ file that tells our server apart from other servers. You should have openssl installed on your machine, if not, simply type in
sudo apt-get install openssl
Then change to the directory to the place you would like to store everything. In my case, I chose:
mkdir /etc/apache2/ssl kdir /etc/apache2/ssl/certs mkdir /etc/apache2/ssl/private cd /etc/apache2/ssl/private openssl genrsa -out websitename.key 2048
This will spit out a key for our server to create the CSR which is what we need to send to send to Godaddy in order to get the required files to finish the setup. Next we generate a CSR (so in the same directory):
openssl req -new -key websitename.key -out websitename.csr
When filling out the CSR via the terminal it will ask you for several things(Country Name, State or Province, Locality Name, Organization Name, Organizational Unit Name, Common Name, Email Address, and Password) Some of these are optional, but make sure that under Common Name you put your website url (website.com).
Now, we need the contents of this CSR to give to godaddy.
cat websitename.csr
Copy the text and paste it into Godaddy’s CSR pane. Make sure you keep the —Begin— and —End— stuff or else godaddy will reject it. I also chose the Starfield Technologies certificate just because it sounded cooler than Godaddy. Once accepted, you would then download the certificate.
Click on the common name [yourwebsite] then on download. Select Apache server type. This will give you a zip file with two files in it. You need to copy the website.crt to /etc/apache2/ssl/certs and the sf_bundle.crt to /etc/apache2/ssl I used a program called WinSCP to drag and drop these files in there via ssh.
Recap:
Folder Layout >
/etc/apache2/ssl/
-certs
|__ website.crt
-private
|__ website.key
|__ website.csr (Can be deleted)
-sf_bundle.crt
We need to edit our http.conf file to make sure that we have a valid path for the SSL. Here is my Vhost listing for the ssl. As you can see I have added a few extra things to make it play nice. I turned on SSLEngine and included the files for it to work properly. Feel free to copy and paste with minor changes.
<VirtualHost *:443> ServerName example.com ServerAlias example.com SSLEngine on SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire SSLCertificateFile /etc/apache2/ssl/certs/website.crt SSLCertificateKeyFile /etc/apache2/ssl/private/website.key SSLCertificateChainFile /etc/apache2/ssl/sf_bundle.crt DocumentRoot /var/www/www.website.com/htdocs </VirtualHost>
Now when you restart apache:
/etc/init.d/apache2 restart
Hi Jon
I’m trying to setup a godaddy certificate for our new wordpress site. I’m using a turnkeylinux instance. I’m running to all kinds of problems. Would yo be willing to help with this installation as a consultant. I can provide payment through paypal or any other means. It’s just its a very important function that this required by our client
thanx. Im located in reston viriginia
Hi Mohamed,
If you post your issues here perhaps myself, or another reader could assist?
Jon
Hi Jon,
Just wanted to add that it works with VirtualHosts *:443, but only if you have a wildcard SSL certificate. Otherwise you should enter a static IP address (VirtualHosts 192.168.1.2:443).
Unfortunately, though, it doesn’t work with sub-sub-domain names (i.e. two.sub.example.com will not be accepted with the *.example.com certificate.)
Thank you.
Alexis
Thanks for the tutorial. I managed to get my SSL certificate working with my website.
It worked perfectly. Thanks!
Excellent, pleased it was helpful.
Thank you so much for this little tutorial, well written and it worked wonderfully with my website 🙂
Jon, while my comment does not directly pertain to installing the certificate, it may be worth noting that first time installers may need to run the following two commands to enable SSL on their apache installation:
a2ensite default-ssla2enmod ssl
You would run these commands after modifying your VirtualHost section, before issuing a restart.
Thanks!
-baji.
5 minutes to SSL, thanks to you.
You might need to do
sudo a2ensite default-sslThanks for the article — I’ll be trying it out this weekend but have a couple questions before I start.
1) After I have completed all the above steps, am I also supposed to go to the WordPress admin panel Settings > General section and change the ‘WordPress Address URL’ and ‘Site Address URL’ from http://domain.com to https://domain.com?
2) Will my site be accessible to those that have it saved in their bookmarks without the new https address?