Share this blog!

Installing SSL certificate on a site hosted on an Apache VPS

I have been using a VPS in which I have hosted a JSP project and after spending quite a long time on the internet, I found the correct way to install the SSL certificate I bought. It is always better to follow the instructions of your certificate provider, but sometimes, these instructions can be somewhat misleading, with popular assumptions such as owning a perfect machine or having an expert knowledge on the prerequisites. In this post, I will be trying to loosen up some such problems but feel free to comment any suggestions or remarks.


The scenario


I have Tomcat 8.5 running on my VPS with Apache server and in that, I have deployed a web app on the root (Let's say http://mysitesname.com/).

Creating the CSR


When you are purchasing an SSL certificate, you will be prompted to input a CSR code which can be easily generated using OpenSSL by running the following command on the command line:

openssl req -new -newkey rsa:2048 -nodes -keyout server.key -out server.csr

This command will generate two files (server.key and server.csr. Never give away your private key ie server.key)

Once you upload the CSR code to the certificate provider, you will be asked to activate it. (Eg: you might need to place a certain file at the root of the site, respond with an admin email etc)

Once the SSL is activated, then only you can install it.

Installing the SSL


I purchased a Comodo SSL certificate and since I selected a PositiveSSL, I could download 3 files such as:
  • mysitesname_com.crt
  • mysitesname_com.p7b
  • mysitesname_com.ca-bundle
Let's say I downloaded those files on a folder names /home/ssl on the VPS and I copied the previously created CSR and Key files into the same folder for convenience.

Installing SSL on Apache vs Tomcat

I spent an annoyingly long time on trying to install SSL on tomcat and then realized that according to my requirement, where I had to install was on Apache. It's basically because that I had previously modified my Apache's virtualhosts file to direct to the deployed webapp. So even though the running webapp was deployed on Tomcat, the http was provided by Apache. It is because Apache is an HTTP Server, serving HTTP while Tomcat is a Servlet and JSP Server serving Java technologies. Tomcat is a servlet container. A servlet, at the end, is a Java class. JSP files (which are similar to PHP, and older ASP files) are generated into Java code (HttpServlet), which is then compiled to .class files by the server and executed by the Java virtual machine.

Once the certificate files are stored on the VPS, its only a matter of modifying Apache's virtualhosts. Since my VPS is Ubuntu, the file I must modify is /etc/apache2/sites-enabled/mysitesname.com.conf. The filename and the path may vary according to the OS installed.

The file already contained a virtual host on port 80. For this purpose a new host entry must be added on port 443 as follows:

Listen 443

<VirtualHost _default_:443>

        ServerName mysitesname.com

        SSLEngine on

        SSLCertificateFile "/home/ssl/mysitesname_com.crt"

        SSLCertificateKeyFile "/home/ssl/server.key"

        SSLCACertificateFile "/home/ssl/mysitesname_com.ca-bundle" 

</VirtualHost>

Since I had set my webapp to be hosted on the root, my previous settings too had to be added, after which the complete entry will look like the following:

Listen 443

<VirtualHost _default_:443>

        ServerName mysitesname.com

        SSLEngine on

        SSLCertificateFile "/home/ssl/mysitesname_com.crt"

        SSLCertificateKeyFile "/home/ssl/server.key"

        SSLCACertificateFile "/home/ssl/mysitesname_com.ca-bundle"

        ProxyPreserveHost On

        ProxyPass / http://mysitesname.com:8080/

        ProxyPassReverse / http://mysitesname.com:8080/

</VirtualHost>


Redirecting to HTTPS

In order to redirect your domain traffic to your https domain, add the following in your conf file.

Listen 443

<VirtualHost *:80>

        RewriteEngine On 

        RewriteCond %{HTTPS} off 

        RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

After the conf file is modified, restart the server using service apache2 restart.

If it generates an error saying Invalid command 'SSLEngine' , you will have to enable the ssl module from the commons package by running sudo a2enmod ssl and restart again.

That's it! Try browsing the site with https and ensure it is installed correctly.


Next PostNewer Post Previous PostOlder Post Home

1 comment: