I recently needed to add a wildcard SSL certificate, purchased from Network Solutions, to an AWS EC2 instance running Ubuntu 12.04. Here are the steps I followed for success:
First, unzip the archive that Network Solutions provides into your home directory. Mine is at /home/ubuntu/certificates, which includes these files:
- AddTrustExternalCARoot.crt
- OV_NetworkSolutionsOVServerCA2.crt
- OV_USERTrustRSACertificationAuthority.crt
- STAR.MYWEBSITE.COM.crt
You will use all of the above files EXCEPT AddTrustExternalCARoot.crt. It is a legacy file for use in circumstances (for example, an intranet) where very old legacy browsers are used. That is not my use case, so I’m not going to delve further into it.
Next, copy your private key (the one used when generating the certificate request that you supplied to Network Solutions so that they could generate your certificate) into place:
sudo cp /home/ubuntu/certificates/server.key /etc/apache2/ssl/
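Concatenate the two CRT files and write them to a new file in the Apache SSL directory. The redirect has to run as root, because a plain shell redirect into /etc/apache2/ssl is performed by your unprivileged shell and fails:
sudo sh -c 'cat /home/ubuntu/certificates/star_mywebsite/OV_USERTrustRSACertificationAuthority.crt /home/ubuntu/certificates/star_mywebsite/OV_NetworkSolutionsOVServerCA2.crt > /etc/apache2/ssl/NetworkSolutionsChain.crt'
Then change into the directory that holds your enabled sites: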
cd /etc/apache2/sites-enabled
For each of your enabled vhosts, add a new VirtualHost directive for port 80 that redirects all incoming port 80 traffic to https. Then change the original VirtualHost directive to respond on 443, and declare the paths to your SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile:
<VirtualHost *:80>
    ServerName example.mywebsite.com
    Redirect "/" "https://example.mywebsite.com/"
</VirtualHost>
<VirtualHost *:443>
    SSLEngine on
    SSLCertificateFile /etc/apache2/ssl/STAR.MYWEBSITE.COM.crt
    SSLCertificateKeyFile /etc/apache2/ssl/server.key
    SSLCertificateChainFile /etc/apache2/ssl/NetworkSolutionsChain.crt
    # ... your other declarations ...
</VirtualHost>
If you are going to have multiple virtual hosts running on port 443, you’ll want to avoid triggering this error:
[warn] _default_ VirtualHost overlap on port 443, the first has precedence
To do so, edit /etc/apache2/ports.conf:
sudo vi /etc/apache2/ports.conf
Then, find the IfModule mod_ssl.c block, and change it to match:
<IfModule mod_ssl.c>
    # If you add NameVirtualHost *:443 here, you will also have to change
    # the VirtualHost statement in /etc/apache2/sites-available/default-ssl
    # to <VirtualHost *:443>
    # Server Name Indication for SSL named virtual hosts is currently not
    # supported by MSIE on Windows XP.
    NameVirtualHost *:443
    Listen 443
</IfModule>
Next, edit /etc/apache2/sites-available/default-ssl and change the line:
<VirtualHost _default_:443>
to:
<VirtualHost *:443>
Test that your edits are syntactically correct and that your SSL cert files are found:
sudo apache2ctl configtest
You should get a “Syntax OK” response, at which point you can reload your Apache configuration:
sudo service apache2 reload
Now, visit your website using https to confirm!
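The configtest step above only confirms that the files exist and the syntax parses. The following shell functions are an added example, not part of the original steps: they check that the private key belongs to the certificate, that the key file is not readable by group or other, and that the certificate verifies through the chain file. They assume the openssl command-line tool is installed; make_demo_pki and its file names are hypothetical helpers that build constructed sample data.

```shell
#!/bin/sh
# Added example: checks to run on the certificate files before reloading Apache.
# Assumes the openssl CLI is installed.

# Exit 0 when KEY is the private half of the public key inside CERT.
key_matches_cert() {  # usage: key_matches_cert CERT KEY
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Exit 0 when group and other have no permission bits on the key file.
key_is_private() {  # usage: key_is_private KEY
    [ -f "$1" ] || return 2
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Exit 0 when CERT verifies through the intermediates in CHAIN. CAFILE is
# optional; without it openssl falls back to the system trust store.
chain_verifies() {  # usage: chain_verifies CERT CHAIN [CAFILE]
    if [ -n "${3:-}" ]; then
        openssl verify -CAfile "$3" -untrusted "$2" "$1" 2>/dev/null
    else
        openssl verify -untrusted "$2" "$1" 2>/dev/null
    fi | grep -q ': OK$'
}

# Build a throwaway root -> intermediate -> wildcard leaf in DIR (constructed
# sample data, so the checks can be tried without touching real key material).
make_demo_pki() {  # usage: make_demo_pki DIR
    ( cd "$1" && umask 077 &&
      printf 'basicConstraints=critical,CA:TRUE\n' > ca.ext &&
      openssl req -x509 -newkey rsa:2048 -nodes -days 2 \
          -subj '/CN=Constructed Root' -keyout root.key -out root.crt &&
      openssl req -newkey rsa:2048 -nodes \
          -subj '/CN=Constructed Intermediate' -keyout int.key -out int.csr &&
      openssl x509 -req -in int.csr -CA root.crt -CAkey root.key \
          -CAcreateserial -extfile ca.ext -days 2 -out int.crt &&
      openssl req -newkey rsa:2048 -nodes \
          -subj '/CN=*.example.test' -keyout server.key -out server.csr &&
      openssl x509 -req -in server.csr -CA int.crt -CAkey int.key \
          -CAcreateserial -days 2 -out server.crt ) >/dev/null 2>&1
}
```

For the files in this post, run the checks from a root shell (the key is root-owned after the sudo cp), passing /etc/apache2/ssl/STAR.MYWEBSITE.COM.crt, /etc/apache2/ssl/server.key and /etc/apache2/ssl/NetworkSolutionsChain.crt as CERT, KEY and CHAIN.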