Beruflich Dokumente
Kultur Dokumente
For Apache instructions, see Apache: Create CSR & Install SSL Certificate (OpenSSL). For other
OS/platform instructions, see Create a CSR (Certificate Signing Request).
You can use these instructions to create OpenSSL CSRs and install all types of DigiCert SSL
certificates on your Ubuntu server with Apache2: Standard SSL, EV SSL, Multi-Domain SSL, EV
Multi-Domain SSL, and Wildcard SSL.
1. To create your certificate signing request (CSR), see Ubuntu with Apache2: Creating Your
CSR with OpenSSL.
2. To install your SSL certificate, see Ubuntu with Apache2: Installing & Configuring Your
SSL Certificate.
3. Generate Files
1. You've now started the process for generating the following two files:
• Private-Key File: Used to generate the CSR and later to secure and verify
connections using the certificate.
• Certificate Signing Request (CSR) file: Used to order your SSL certificate
and later to encrypt messages that only its corresponding private key can
decrypt.
2. When prompted for the Common Name (domain name), type the fully qualified
domain (FQDN) for the site that you are going to secure.
Note: If you're generating an Apache CSR for a Wildcard certificate, make sure
your common name starts with an asterisk (e.g., *.example.com).
How to Install and Configure the SSL Certificate on Your Ubuntu Server with
Apache2
1. Copy the certificate files to your server.
1. Log in to your DigiCert account and download the intermediate (DigiCertCA.crt)
and your primary certificate (your_domain_name.crt) files.
2. Copy these files, along with the .key file you generated when creating the CSR, to
the directory on the server where you keep your certificate and key files.
Note: Make them readable by root only to increase security.
Run the following command to test your configuration file (on some systems, it's
apache2ctl):
apachectl configtest
6. Restart Apache2.
You can use apachectl commands to stop and start Apache2 with SSL support.
apachectl stop
apachect1 start
Restart Notes:
If Apache2 doesn't restart with SSL support, try using apachectl startssl instead of
apachectl start. If SSL support only loads with apachectl startssl, we recommend you
adjust the apache startup configuration to include SSL support in the regular apachectl start
command. Otherwise, your server may require you to manually restart Apache2 using
apachectl startssl in the event of a server reboot. This usually involves removing the
<IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.
Install Apache2
1. Replace 'default-ssl' with the real site name you set up in /etc/apache2/sites-available/.
2. Once the site listed in the command above is enabled, the site appears in /etc/apache2/sites-
enabled.
Cipher Suite
• Once you run the sudo a2enmod ssl command, edit the ssl.conf file in /etc/apache2/mods-
enabled.
• If you haven't run the a2enmod command yet, preconfigure the ssl.conf file in
/etc/apache2/mods-available.
DigiCertCA.crt
https://www.digicert.com/csr-ssl-installation/apache-
openssl.htm#ssl_certificate_install
SSLCertificateFile /your/path/to/moodle-uo_hosting_uniba_it.crt
SSLCertificateKeyFile /your/path/to/moodle-uo_hosting_uniba_it.key
SSLCertificateChainFile /your/path/to/DigiCertCA.crt
https://www.digicert.com/help/