Step 1: Generate Key.
Run the following command in putty command prompt:
openssl genrsa 2048 > keyfilename.key
Step 2: Generate CSR file with following command.
openssl req –new –key keufilename.key > csrfilename.csr
After that command is entered, system will ask few questions:
Organization name: Opendp
Organization unit: IT
Common name: www.yourdomain.com
Challenge password: [leave blank]
Optional company name: [leave blank]
Step 3: Buy a SSL certificate.
Step 4: Enter generated CSR file contents from where you bought SSL certificate.
Watch this video for above steps practical implementation: https://www.youtube.com/watch?v=XrZxJsKUQR8
Step 5: Confirm your domain ownership.
This can be done by 3 ways. By adding file to you domain, through your registrant email and by adding a DNS record.
Step 6: Get your certificate.
After confirming your ownership, you will be sent an email to your registered email address containing you certificate files. There will 3 files, one with your_domain.crt name, that is your certificate. Another file name your_domain.p7b, this was not used by me. And last with your_domain.ca-bundle name, this file was used.
Step 7: Upload certificate files to server.
Upload your_domain.crt, your_domain.ca-bundle and keyfilename.key (this file was generated in step 1) to your server. Recommended to upload them in /etc/apache2/ssl folder. (it’s only a recommendation, can be uploaded anywhere).
Step 8: Configure default-ssl.conf file.
Next you need to configure you default-ssl.conf file which is located in /etc/apache2/sites-available. Below contents need to be uploaded in the file:
This article will help you with above steps: https://www.digicert.com/ssl-certificate-installation-apache.htm
Step 9: Restart server.
Finally, you should restart your server with following command:
sudo service apache2 restart