How to Install an SSL Certificate on a Debian Server?

Quick Guide to Install SSL Certificate on Debian Server

Are you looking to implement an SSL certificate on your Debian server but lack the know-how? Fret not, as we are here to lend a helping hand. You can easily follow a simple six-step procedure outlined below:

• Storing the Certificates on the Debian Server
• Locating and Accessing the Apache Server
• Customizing the Virtual Host Block
• Inspecting and Saving the Virtual Host Block
• Inspecting for Potential Issues
• Restarting the Server

However, before delving into the installation process, it is crucial to fulfill a prerequisite: CSR Generation. With that said, let’s commence the process right from the start to gain a comprehensive understanding.

Generate Certificate Signing Requests for Debian Server

To generate a CSR, there are two options available, and you can choose either one:

• Utilize a CSR Generator tool to generate the CSR automatically.
• Manually create the CSR.

Note:

• Ensure that all the information in the manually generated CSR is accurate. Any inaccuracies may lead to the Certificate Authority (CA) declining to sign the certificate.
• The duration for certificate files to reach you may differ, as it depends upon the type of validation you have selected for your website.

Once this prerequisite is completed, let’s move to the main task- installing the SSL certificate on Debian.

Install SSL certificate on Debian Server

To enhance clarity, let’s examine the installation process through a series of sequential steps:

Step-1: Storing the Certificates on the Debian Server

• Open the .zip folder (which you received from the CA in your e-mail) and extract the certificate files (root certificate & intermediate certificate files).
• Store these files in a designated directory on your Debian server.

Step-2: Locating and Accessing the Apache Server

• Locate and edit the Apache .config file. (Location – /etc/apache2/sites-enabled/your_site_name).
• If you can’t find it – use the sudo a2ensite your_site_name command to do so.
• Once located, open the file.

Step-3: Customizing the Virtual Host Block

Locate the Virtual Host in the Apache .config file. By default, it appears something like this:

<VirtualHost *:443>
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.ca-bundle
</VirtualHost>

Adjust the block with your SSL certificate details:

• SSLCertificateFile: Specify the server location of your SSL certificate.
• SSLCertificateKeyFile: Provide the server location of your private key file.
• SSLCertificateChainFile: Enter the server location of your intermediate certificate/ca-bundle file.

Note:

• If the SSLCertificateFile command does not function, you can utilize SSLCACertificateFile instead.
• Make sure that the ca-bundle file is correctly structured, placing the intermediate certificate first and then the root certificate.

Step-4: Inspecting and Saving the Virtual Host Block

Carefully review the Virtual Host block in the .config file for any errors or potential issues. Verify each line to ensure accuracy and proper configuration. Once you have thoroughly checked and confirmed that everything appears to be in order, proceed to save the file.

Step-5: Inspecting for Configuration Errors

Execute the command “apachectl configtest” to scan for configuration errors. If any issues are detected, restart the installation process from Step 1. However, if no errors are found, move forward, and take the last step.

Step-6: Restarting the Server

Restart your server by using these commands in the order given below:

1. apachectl stop
2. apachectl start

How to Test the SSL Installation Status in Debian?

To verify the installation status, utilize SSL testing tools like SSL Checker. These tools can quickly identify any vulnerabilities or potential errors. By utilizing such a tool, you can receive a comprehensive report that provides detailed information regarding any issues that may be present.