Last Updated: February 25, 2016
· moak

Ubuntu + Apache + OpenSSL, and PositiveSSL from

After purchasing a PositiveSSL cert from go to My SSLs and activate the SSL. First it will ask you to supply the a CSR, to do this log in to your server and enter this command

openssl genrsa -des3 -out server.key 2048

chose a pass phrase to generate a RSA file, followed by:

openssl req -new -key server.key -out server.csr

enter all required information, to generate the CSR file.

Grab the content of the CSR file and copy/paste into the My SSLs activation.

Fill out the following form, receive an email with a verification code, follow the link, paste and activate to receive your certificate files in another followup email.

You should receive a zip file with 3 certificates

  • Root CA Certificate - AddTrustExternalCARoot.crt
  • Intermediate CA Certificate - PositiveSSLCA2.crt
  • Your SSL Certificate - yourDomain.crt

copy paste the contents from those files into a new file on your server

IMPORTANT make sure each -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is on an individual line with no space between them

create a folder /etc/apache2/ssl and copy 3 files into this directory

  • server.key (The RSA file)
  • yourDomain.crt (from the email)
  • (which we just created)

If not enabled yet run

a2enmod ssl

Create a new site in /etc/apache2/sites-available/yourdomain-ssl.conf
Example vhosts file

<VirtualHost *:443>

        DocumentRoot /var/www/

        SSLEngine on
        SSLCertificateFile /etc/apache2/ssl/yourdomain_com.crt
        SSLCertificateKeyFile /etc/apache2/ssl/server.key
        SSLCertificateChainFile /etc/apache2/ssl/

and enable that site

a2ensite yourdomain-ssl

restart apache
service apache2 restart

it will ask you for the RSA passphrase now, enter it and voila

Make sure port 443 is not blocked by the firewall. On AWS you will need to add a outbound rule to the security group you are using