To install an SSL certificate on linux-like servers without using a control panel, SSH into your web server and run an openssl command to generate a CSR (Certificate Signing Request). The CSRidentifies which server will use your certificate, as well as the domain names (common names) you’ll use for the certificates.
The command will generate a .csr file and its related private .key file. For example, to generate a 2048-bit CSR:
$ openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Should you wish to generate a 4096-bit CSR, simply pass in 4096
instead of 2048
.
$ openssl req -new -newkey rsa:4096 -nodes -keyout yourdomain.key -out yourdomain.csr
When running the command and before the the .csr file is generated, you’ll be prompted to fill out the following information:
After filling out the information, the CSR and private key files will be created. You will need to download the CSR and supply it to your chosen CA (Certificate Authority) in order to apply for a certificate.
When you have received this certificate file from the CA, usually a .crt
file, you’ll be ready to secure your domain. Ensure you upload the .crt file onto your server and make a note of the directory you upload it to.
If your website runs on an Apache, you’ll need to modify your virtual hosts (vhosts) configuration to include the certificate and private key file.
<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/yourdomain.crt
SSLCertificateKeyFile /path/to/yourdomain.key
</VirtualHost>
If running Nginx, modify the relevant configuration .conf
file.
server {
listen 443;
ssl on;
ssl_certificate /path/to/yourdomain.crt;
ssl_certificate_key /path/to/yourdomain.key;
server_name yourdomain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /var/www/html;
index index.html;
}
}