how to generate ssl certificates

SSL Certificates also known as Digital Certificate is a widely used corner-stone of web security. I was recently faced some security problems. and the solution was very simple, a widely used term SSL. But at that time i don’t have any idea about what is SSL, how to generate SSL certificates, how it works and how it prevents Man-in-the-middle attacks. Thanks to the team who share their knowledge and help me in figure out the solution. There may be many who have the same questions in their mind. So I am sharing what i learn and how to generate SSL certificates.

Here are some steps to generate SSL certificates.

1. There are a lots of sources to generate ssl certificates. You can get free ssl certificates from here:
* you can pass multiple domains like
2. There are multiple options available when you submit domains to create certificates. choose manual verification.
3. Follow instruction specified in  to verify domain.
4. download certs to local system.
5. upload certs to server.
6. cp or mv certs to following directories

*Note: If you don’t have permissions to run cp, mv or nano command, use sudo to run following commands.

cp /UPLOAD_DIRECTORY_PATH/certificate.crt /etc/ssl/certs/certificate.crtcp /UPLOAD_DIRECTORY_PATH/ca_bundle.crt /etc/ssl/certs/ca_bundle.crtcp /UPLOAD_DIRECTORY_PATH/private.key /etc/ssl/private/private.key

7. Now you have to create apache ssl configuration file. This configuration file should resides in /etc/apache2/sites-available directory. you can go to this path by following command:

cd /etc/apache2/sites-available

create ssl conf file by following command:
nano example-ssl.conf

copy following code to example-ssl.conf

<IfModule mod_ssl.c>
<VirtualHost _default_:443>
ServerAdmin webmaster@localhost
DocumentRoot <document root path like: /var/www/html/example>
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/certificate.crt
SSLCertificateKeyFile /etc/ssl/private/private.key
SSLCertificateChainFile /etc/ssl/certs/ca_bundle.crt
<Directory /var/www/html/example>
SSLOptions +StdEnvVars
Options +FollowSymlinks
AllowOverride All
Require all granted
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

8. Enable ssl conf
a2ensite example-ssl.conf

9. restart apache service
service apache2 restart

10. check ssl status

And that’s it. Cheers 🙂

3 Responses

  1. Hey there! I know this is somewhat off topic but I was wondering which blog
    platform are you using for this site? I’m getting tired of WordPress because I’ve had issues with hackers
    and I’m looking at options for another platform. I would be fantastic if you could point me
    in the direction of a good platform.

    1. You can create backend in python and frontend in any frontend technology like react. This will be faster and safe from attackers. Although It will increase your efforts for SEO but that is one time process. Later, you will fall in love with it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Back to Top