After purchasing a PositiveSSL cert from cheapssls.com go to My SSLs and activate the SSL. First it will ask you to supply the a CSR, to do this log in to your server and enter this command
openssl genrsa -des3 -out server.key 2048
chose a pass phrase to generate a RSA file, followed by:
openssl req -new -key server.key -out server.csr
enter all required information, to generate the CSR file.
Grab the content of the CSR file and copy/paste into the My SSLs activation.
Fill out the following form, receive an email with a verification code, follow the link, paste and activate to receive your certificate files in another followup email.
You should receive a zip file with 3 certificates
- Root CA Certificate - AddTrustExternalCARoot.crt
- Intermediate CA Certificate - PositiveSSLCA2.crt
- Your SSL Certificate - yourDomain.crt
copy paste the contents from those files into a new file on your server yourDomain.ca-bundle
IMPORTANT make sure each -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- is on an individual line with no space between them
create a folder /etc/apache2/ssl and copy 3 files into this directory
- server.key (The RSA file)
- yourDomain.crt (from the email)
- yourDomain.ca-bundle (which we just created)
If not enabled yet run
Create a new site in /etc/apache2/sites-available/yourdomain-ssl.conf
Example vhosts file
and enable that site
service apache2 restart
it will ask you for the RSA passphrase now, enter it and voila
Make sure port 443 is not blocked by the firewall. On AWS you will need to add a outbound rule to the security group you are using