How to install SSL Certificate?

 

1. First, go to your SSL Certificates Dashboard. Choose "SSL Certificates" in the "Services" menu.

 

2. Add new certificate by clicking the blue button "Add cert" or orange button "Get now certificate" if you don't have any certificates yet.

 

3. Fill all fields of the CSR generator with your data and press the button "Generate". If you have generated your CSR before, then press the green button "Already have CSR", enter it and press the button "Read my CSR".

 

OR

 

4. Check if everything is correct and press the button "Confirm and Apply CSR".

 

5. Select what e-mail you want to use to get your COMODO Validation Mail. Check your inbox, open the letter and follow the instruction COMODO have sent to you.

 

6. After that you will be redirected to your CleanTalk SSL Dashboard again. Press the button "Checkout" to purchase created certificate.

 

7. Choose time period and currency using pop-down menus over the table and make a payment.

 

 

8. After successful validation, the status in your CleanTalk Control Panel will be changed to "Active". Your SSL Certificate is ready to be used.

 

9. Set up your web server. Setup instructions for Nginx and Apache see below.

 

> > > Please, keep in mind the following information.

> > > If you use a Virtual Hosting and don't have access to your Web Server Command Line you can contact your Hosting Service Support and they will install your certificate for you.

 

 

 

Nginx Web Server

 

Combine everything for nginx:

  1. Combine crt files into a bundle (the order matters, here):

cat www_example_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

 

  2. Store the bundle wherever nginx expects to find it:

mkdir -p /etc/nginx/ssl/example_com/ mv ssl-bundle.crt /etc/nginx/ssl/example_com/

 

  3. Ensure your private key is somewhere nginx can read it as well:

mv example_com.key /etc/nginx/ssl/example_com/

 

  4. Make sure your nginx config points to the right cert file and to the private key you generated earlier:

server { listen 443;

ssl on; ssl_certificate /etc/nginx/ssl/example_com/ssl-bundle.crt; ssl_certificate_key /etc/nginx/ssl/example_com/example_com.key;

# side note: only use TLS since SSLv2 and SSLv3 have had recent vulnerabilities ssl_protocols TLSv1 TLSv1.1 TLSv1.2;

# ...

}

 

  5. Restart nginx.

 

Apache Web Server

 

Apache on Ubuntu 14.04.

 

Make a backup of your configuration file by copying it. Assuming your server is running on the default virtual host configuration file, /etc/apache2/sites-available/000-default.conf, use these commands to to make a copy:

cd /etc/apache2/sites-available cp 000-default.conf 000-default.conf.orig 

 

Then open the file for editing:

sudo vi 000-default.conf

 

Find the <VirtualHost *:80> entry and modify it so your web server will listen on port 443:

<VirtualHost *:443> 

 

Then add the ServerName directive, if it doesn't already exist (substitute your domain name here):

ServerName example.com

 

Then add the following lines to specify your certificate and key paths (substitute your actual paths here):

SSLEngine on SSLCertificateFile /home/sammy/example.com.crt SSLCertificateKeyFile /home/sammy/example.com.key

 

If you are using Apache 2.4.8 or greater, specify the CA intermediate bundle by adding this line (substitute the path):

SSLCACertificateFile /home/sammy/intermediate.crt

 

If you are using an older version of Apache, specify the CA intermediate bundle with this line (substitute the path):

SSLCertificateChainFile /home/sammy/intermediate.crt

 

At this point, your server is configured to listen on HTTPS only (port 443), so requests to HTTP (port 80) will not be served. To redirect HTTP requests to HTTPS, add the following to the top of the file (substitute the name in both places):

<VirtualHost *:80> ServerName example.com Redirect permanent / https://example.com/ </VirtualHost>

 

Save and exit.

 

Enable the Apache SSL module by running this command:

sudo a2enmod ssl

 

Now restart Apache to load the new configuration and enable TLS/SSL over HTTPS!

sudo service apache2 restart

 

Test it out by accessing your site via HTTPS, e.g. https://example.com

You will also want to try connecting via HTTP, e.g. http://example.com to ensure that the redirect is working properly!

 

 

Sources:

https://gist.github.com/bradmontgomery/6487319#install-the-commodo-ssl-cert

https://www.digitalocean.com/community/tutorials/how-to-install-an-ssl-certificate-from-a-commercial-certificate-authority#install-certificate-on-web-server