SSL – on Turnkey Linux (or any other linux site…)

Leave a comment

September 16, 2014 by aubreykloppers

To enable you to get a free and your own SSL CERT, you first have to create an account on:

One of the things you will have to remember is that you will have to be the OWNER or your domain (i.e.: to host you web site. (i.e.:

then run the following steps from a SSH console:

vi /etc/apache2/sites-available/<YOURSITE>
and change the values of 443 so that it looks like this:
     <VirtualHost *:443>
     SSLEngine on
     SSLCertificateFile /etc/ssl/certs/<YOURSITE>.pem
     SSLCertificateChainFile /etc/ssl/certs/<YOURSITE>.crt
     ServerAdmin webmaster@localhost
     DocumentRoot /var/www/<YOURSITE>/

openssl req -new -newkey rsa:2048 -nodes -out www_cyber7_co_za.csr &
    -keyout www_cyber7_co_za.key -subj “/C=ZA/ST=Western &
    Cape/L=Durbanville/O=AUBREY’s CO/CN=
* (Rename the bits in BOLD to suit your needs)
*** WordPress adds a http:// onto the www entry above.  DELETE it…

more www_cyber7_co_za.csr
* (Rename the bits in BOLD to suit your needs)
and paste the result into CAcert’s “NEW Server Certificates”, get the answer and

Paste the answer into this file:
vi www_cyber7_co_za.crt

Run the following:
cat www_cyber7_co_za.key www_cyber7_co_za.crt > www_cyber7_co_za.pem
chown root:root *.pem *.crt
chmod 400 *pem *.crt
cp www_cyber7_co_za.pem /etc/ssl/certs/www_cyber7_co_za.pem
cp www_cyber7_co_za.crt /etc/ssl/certs/www_cyber7_co_za.crt
a2enmod ssl
/etc/init.d/apache2 force-reload

If you now browse to your site with HTTPS://…  you will find your SSL CERT is 100% 🙂


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: