How to install Comodo SSL on Apache2 in Ubuntu/Debian Server

1.Copy  certificate to your server, you may use to upload using Winscp (download here) or if you dont have yet SSL certificate you can read previous post how to get ssl HERE

Comodo SSL Zip Package contains

  • AddTrustExternalCARoot.crt
  • COMODORSAAddTrustCA.crt
  • COMODORSADomainValidationSecureServerCA.crt
  • my-secure-domain.crt

Additional file:

  • secure_anacion_info.key

2.Login into your server using SSH

3.Create virtualhost for your SSL site. (i will use my site as example)

#vi /etc/apache2/sites-available/

4.Copy Config Below.The entries in red were modified from the original file

<IfModule mod_ssl.c>
 <VirtualHost _default_:443>
 ServerAdmin [email protected]

 DocumentRoot /var/www/secure

 ErrorLog ${APACHE_LOG_DIR}/error.log
 CustomLog ${APACHE_LOG_DIR}/access.log combined

 SSLEngine on

 SSLCertificateFile /etc/ssl/certs/secure_anacion_info.crt
 SSLCertificateKeyFile /etc/ssl/private/secure_anacion_info.key
 SSLCertificateChainFile /etc/ssl/ssl-bundle.crt
 <Directory /var/www/secure>
 AllowOverride All

 <FilesMatch "\.(cgi|shtml|phtml|php)$">
 SSLOptions +StdEnvVars
 <Directory /usr/lib/cgi-bin>
 SSLOptions +StdEnvVars


5.Save and Exit

6.Go to the directory where you upload the certificate file.

#cd /root
#cd secure_anacion_info

7.Create ssl-bundle for SSL Certificate Chain using code below

#cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt > ssl-bundle.crt

8.Check the certificate file “ls -l” and if all same as image below we now copy the files according to site config directory.

9.Copy certificate according to our config.

# cp secure_anacion_info.crt /etc/ssl/certs/

#cp secure_anacion_info.key /etc/ssl/private/

#cp ssl-bundle.crt /etc/ssl/

10.Enable SSL Module

#a2enmod ssl

11.Restart Webserver

#service apache2 restart

12.Enable SSL virtual host that we create config from step 3


13.Restart Apache to load new virtualhost file.

#service apache2 restart

14.Done, You can test you configuration by visiting server domain by typing or you can use SSL Checker

in our example, here’s the result



Leave a Reply

Your email address will not be published.