How to Set Up SSL: A Step-by-Step Guide

Anh Trần Tuấn - Sep 7 - - Dev Community

1. Understanding SSL and Its Importance

SSL certificates encrypt data transmitted between your server and users, ensuring that sensitive information like login credentials and payment details remains secure. SSL is vital for building trust with your users and improving your site's SEO ranking.

2. Purchasing an SSL Certificate

2.1 Choose an SSL Certificate Provider

There are several reputable SSL certificate providers, including:

  • Let’s Encrypt (Free)
  • DigiCert
  • Comodo
  • GeoTrust

For this guide, we'll use Let’s Encrypt, as it offers free certificates and is widely accepted.

2.2 Generate a Certificate Signing Request (CSR)

Before purchasing or obtaining an SSL certificate, you need to generate a CSR. Here’s how to do it on a Unix-based system:

Run the following command to generate a private key and CSR:

openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Enter fullscreen mode Exit fullscreen mode

Fill in the required information, including your domain name, organization, and contact details.

3. Configuring SSL on Different Servers

3.1 Nginx

Install Certbot (Let’s Encrypt client):

sudo apt update
sudo apt install certbot python3-certbot-nginx
Enter fullscreen mode Exit fullscreen mode

Obtain the SSL Certificate:

sudo certbot --nginx -d yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Configure Nginx:

Your Nginx configuration file (/etc/nginx/sites-available/yourdomain) should include the following lines:

server {
    listen 443 ssl;
    server_name yourdomain.com;

    ssl_certificate /etc/letsencrypt/live/yourdomain.com/fullchain.pem;
    ssl_certificate_key /etc/letsencrypt/live/yourdomain.com/privkey.pem;

    location / {
        proxy_pass http://localhost:8080;
    }
}
Enter fullscreen mode Exit fullscreen mode

Test and Reload Nginx:

sudo nginx -t
sudo systemctl reload nginx
Enter fullscreen mode Exit fullscreen mode

3.2 Tomcat

Convert the Certificate to a Java Keystore:

openssl pkcs12 -export -in yourdomain.crt -inkey yourdomain.key -out yourdomain.p12 -name tomcat
Enter fullscreen mode Exit fullscreen mode

Import the Keystore into Tomcat:

Edit server.xml located in $CATALINA_HOME/conf :

<Connector port="8443" protocol="HTTP/1.1" 
           maxThreads="150" SSLEnabled="true" 
           scheme="https" secure="true" 
           clientAuth="false" sslProtocol="TLS" 
           keystoreFile="/path/to/yourdomain.p12" 
           keystorePass="password" />
Enter fullscreen mode Exit fullscreen mode

Restart Tomcat:

sudo systemctl restart tomcat
Enter fullscreen mode Exit fullscreen mode

3.3 Apache

Install Certbot:

sudo apt update
sudo apt install certbot python3-certbot-apache
Enter fullscreen mode Exit fullscreen mode

Obtain the SSL Certificate:

sudo certbot --apache -d yourdomain.com
Enter fullscreen mode Exit fullscreen mode

Verify Apache Configuration:

Ensure your Apache configuration ( /etc/apache2/sites-available/yourdomain.conf ) includes:

<VirtualHost *:443>
    ServerName yourdomain.com
    DocumentRoot /var/www/yourdomain

    SSLEngine on
    SSLCertificateFile /etc/letsencrypt/live/yourdomain.com/fullchain.pem
    SSLCertificateKeyFile /etc/letsencrypt/live/yourdomain.com/privkey.pem
</VirtualHost>
Enter fullscreen mode Exit fullscreen mode

Restart Apache:

sudo systemctl restart apache2
Enter fullscreen mode Exit fullscreen mode

3.4 XAMPP

Generate a CSR and Key (as shown above).

Obtain the SSL Certificate from Let’s Encrypt or another provider.

Configure SSL in XAMPP:

lace your certificate files ( .crt and .key ) in the xampp/apache/conf/ssl.crt and xampp/apache/conf/ssl.key directories, respectively.

<VirtualHost _default_:443>
    DocumentRoot "C:/xampp/htdocs"
    ServerName yourdomain.com:443

    SSLEngine on
    SSLCertificateFile "conf/ssl.crt/yourdomain.crt"
    SSLCertificateKeyFile "conf/ssl.key/yourdomain.key"
</VirtualHost>
Enter fullscreen mode Exit fullscreen mode

Restart XAMPP.

4. Verifying SSL Configuration

To ensure your SSL setup is working correctly, visit your site using https://yourdomain.com and check for the padlock icon in the browser’s address bar. You can also use online tools like SSL Labs’ SSL Test to verify your configuration.

5. Conclusion

Setting up SSL is a critical step in securing your website and enhancing user trust. By following this guide, you can ensure that your SSL certificate is correctly configured on popular servers like Nginx, Tomcat, Apache, and XAMPP. Remember to keep your SSL certificate up to date and renew it before expiration to maintain secure communications.

Read posts more at : How to Set Up SSL: A Step-by-Step Guide

. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .