Installing Comodo Positive SSL Certs on Apache Ubuntu 14.04
If you are looking to do basic SSL encryption on your website, I recommend using SSL certificated from Namecheap. The most basic certificate is just $9 (USD). The process of buying a certificate is easy enough, but it can be hard to find good, basic instructions on how to install the certificate. That seems to always take a little more research than what's necessary.
Today I walked through installing a Namecheap Comodo Positive SSL certificate one more time. To your benefit, and in an effort to help me remember the process, here are the steps I took to install the certificate on Ubuntu 14.04. My server currently runs Apache 2.4.
Step 1: Enable mod_ssl for Apache
If you are familiar with the a2enmod utility packaged with Ubuntu, enabling the mod_ssl module is pretty simple. Just type this command into your server's terminal. After it executes, you'll need to restart Apache.
sudo a2enmod ssl
Step 2: Edit Your Virtual Server Configuration
Once you have the mod_ssl module enabled, you'll need to add the following lines to your vhost file. It is usually located at /etc/apache2/sites-available/yourdomain.com.
<VirtualHost *:443> SSLEngine On SSLCertificateFile /etc/apache2/ssl/yourdomain_com.crt SSLCertificateKeyFile /etc/apache2/ssl/yourdomain_com.key SSLCACertificateFile /etc/apache2/ssl/yourdomain_com.cer ServerAdmin firstname.lastname@example.org ServerName www.yourdomain.com DocumentRoot /var/www/yourdomain.com/public_html/ ErrorLog /var/www/yourdomain.com/logs/error.log CustomLog /var/www/yourdomain.com/logs/access.log combined </VirtualHost>
Take Note: This configuration change is for port 443 traffic, not port 80 traffic. Adding the SSL declarations to your port 80 server configs will not work. The VirtualHost info you see above is an addendum to any preexisting configuration file.
Also, when looking at the code example above, it is really the lines 3–5 that are important. They highlight the files your server needs to use for SSL encryption. Let me describe those files for you.
This is the actual SSL certificate, and Comodo names it after your domain, so it should be called something like yourdomain_com.crt. Add it to the correct directory on your server (/etc/apache2/ssl/) and make sure line 3 of your vhost file points to it.
After you generated your CSR for the SSL issuer, you got a key file in return. Add that file to the same folder as your SSL certificate and make sure line 4 of your vhost config file points to it.
This is the tricky file. After Comodo sends you a zip file with the individual CRT files, you need to concatenate a couple of them into one file. Here's an example of the command I used to make that happen.
cat COMODORSADomainValidationSecureServerCA.crt AddTrustExternalCARoot.crt > yourodmain_com.cer
These file names may not exactly match what was provided by your certificate issuer.
After you've got these three files ready to go, you'll just need to add them to the file locations declared in the vhost file we edited earlier. After you've moved the files and double-checked your Apache configuration files, you'll need to restart Apache.
Final vhost File
Just to help, here is an example of a working vhost file I have running. I'll admit that it isn't the cleanest way to do it, but it gets the job done.