## 20200111 AK
----
[[HowToDocuments/ServerSSLWithDebian/CZ|česky]] | [[HowToDocuments/ServerSSLWithDebian/CY|cymraeg]] | [[HowToDocuments/ServerSSLWithDebian/DE|deutsch]] | '''english''' | [[HowToDocuments/ServerSSLWithDebian/ES|español]] | [[HowToDocuments/ServerSSLWithDebian/FR|français]] | [[HowToDocuments/ServerSSLWithDebian/NL|nederlands]] | [[HowToDocuments/ServerSSLWithDebian/PT|português]] --- [[HowToDocuments|more step by step tutorials]]
----
== Set up a SSL certificate with Debian (step by step tutorial) ==
This is how about to set up a SSL certificate on your server and running with it, using apache 2.4 on Debian GNU/Linux.
All of the following tasks are done as root, from the command line:
* change to the /etc/apache/ssl directory (note, this might be Debian specific):
'''cd /etc/apache/ssl'''
* create a private key:
'''openssl genrsa -out supersecret.key 4096'''
* generate a certificate request from that key:
'''openssl req -key supersecret.key -new'''
Answer the questions as follows (hit ''Enter'' after each answer):<
>
Country Code: (see: [[https://www.iso.org/obp/ui/#search]])<
>
State or Province: I put the province I live in<
>
Locality name: I put the city I live in<
>
Organization Name: I put a dot (period) which leaves the entry blank<
>
Organizational Unit: I put a dot<
>
Common Name: I put the fully qualified name of my server.<
>
Email Address: I put my email address<
>
challenge password: I left this blank<
>
optional company name: I left this blank<
>
* This generates a certificate request, and displays it on the screen. Copy and paste it into the [[https://secure.cacert.org/account.php?id=10|Server Certificates - New]] form.<
>
* CACert will then generate a certificate. Copy and paste this to a file on the server. Because I'm using debian, the proper location for this file is:
'''/etc/apache2/ssl'''
* Save the certificate as a file in that directory called myserver.crt
* Next, download the intermediate certificate from CACert: and save it in the same directory (/etc/apache2/ssl). Also, download the CACert Class 1 certificate and save it in the same directory.
* Combine the secret key, your server's certificate, and the intermediate and root certificates into one file:
'''cat supersecret.key myserver.crt class3_x14E228.crt root_X0F.crt > myserver.pem'''
* Change the permissions so nobody else can read that pem file:
'''chmod 600 myserver.pem'''
NOTE: This is for Apache greater than version 2.4.8. If you have an older version, the intermediate and root certificates go in a separate file called the chain file.
* Edit the apache ssl config file (/etc/apache2/sites-available/default-ssl.conf) (again, this is Debian-specific), and specify the SSLCertificateFile location.
NOTE, if you would prefer to not put the secret key in the pem file, specify the SSLCertificateKeyFile as well. I prefer to keep everything all together in one pem file. If you are using Apache less than 2.4.8, specify the chain file that includes the CACert intermediate and root certificates with SSLCertificateChainFile.
* Enable the ssl site:
'''a2ensite default-ssl'''
* Restart Apache
'''apache2ctl graceful'''
That's it, now your server is up and running with a SSL certificate from CACert.org.
Here's a similar tutorial for Ubuntu: https://www.digitalocean.com/community/tutorials/how-to-create-a-ssl-certificate-on-apache-for-ubuntu-14-04
Source: BM/15
----
. CategoryTutorials
. CategoryStepByStep