How to Install an SSL Certificate on a Debian Server?
Are you looking to implement an SSL certificate on your Debian server but lack the know-how? Fret not, as we are here to lend a helping hand.
You can easily follow a simple six-step procedure outlined below:
- Storing the Certificates on the Debian Server
- Locating and Accessing the Apache Server
- Customizing the Virtual Host Block
- Inspecting and Saving the Virtual Host Block
- Inspecting for Potential Issues
- Restarting the Server
However, before delving into the installation process, it is crucial to fulfill a prerequisite: CSR Generation. With that said, let’s commence the process right from the start to gain a comprehensive understanding.
Generate Certificate Signing Requests for Debian Server
To generate a CSR, there are two options available, and you can choose either one:
- Utilize a CSR Generator tool to generate the CSR automatically.
- Manually create the CSR.
Note:
- Ensure that all the information in the manually generated CSR is accurate. Any inaccuracies may lead to the Certificate Authority (CA) declining to sign the certificate.
- The duration for certificate files to reach you may differ, depending on the type of validation you have selected for your website.
Once this prerequisite is completed, let’s move to the main task- installing the SSL certificate on Debian.
Install SSL certificate on Debian Server
To enhance clarity, let’s examine the installation process through a series of sequential steps:
Step-1: Storing the Certificates on the Debian Server
- Open the .zip folder (which you received from the CA in your e-mail) and extract the certificate files (root certificate & intermediate certificate files).
- Store these files in a designated directory on your Debian server.
Step-2: Locating and Accessing the Apache Server
- Locate and edit the Apache .config file. (Location – /etc/apache2/sites-enabled/your_site_name).
- If you can’t find it – use the sudo a2ensite your_site_name command to do so.
- Once located, open the file.
Step-3: Customizing the Virtual Host Block
Locate the Virtual Host in the Apache .config file. By default, it appears something like this:
<VirtualHost *:443>
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
SSLCertificateChainFile /path/to/yourdomain.ca-bundle
</VirtualHost>
Adjust the block with your SSL certificate details:
- SSLCertificateFile: Specify the server location of your SSL certificate.
- SSLCertificateKeyFile: Provide the server location of your private key file.
- SSLCertificateChainFile: Enter the server location of your intermediate certificate/ca-bundle file.
Note:
- If the SSLCertificateFile command does not function, you can utilize SSLCACertificateFile instead.
- Ensure the ca-bundle file is correctly structured, placing the intermediate and root certificates first.
Step-4: Inspecting and Saving the Virtual Host Block
Carefully review the Virtual Host block in the .config file for any errors or potential issues. Verify each line to ensure accuracy and proper configuration. Once you have thoroughly checked and confirmed that everything appears to be in order, proceed to save the file.
Step-5: Inspecting for Configuration Errors
Execute the command “apachectl configtest” to scan for configuration errors. If any issues are detected, restart the installation process from Step 1. However, if no errors are found, move forward, and take the last step.
Step-6: Restarting the Server
Restart your server by using these commands in the order given below:
- apachectl stop
- apachectl start
How to Test the SSL Installation Status in Debian?
To verify the installation status, utilize SSL testing tools like SSL Checker. These tools can quickly identify any vulnerabilities or potential errors. By utilizing such a tool, you can receive a comprehensive report that provides detailed information regarding any issues that may be present.