Installing SSL Certificates in Linux

The IT resource for this post was Ryan Walker, a Rackspace Hosting Linux Administrator.

The importance of Internet security cannot be overstated. More and more consumers are turning to the Internet for purchases—a goldmine of potential data waiting to be hacked. With SSLs, private user information—such as credit card numbers—are scrambled before transmission and reassembled only with proper decryption keys. Doing so not only secures sensitive customer information, but is also a step in the direction of proper compliance.

Installation of the certificate is relatively straightforward for Linux servers, whether they use a Plesk control panel or not. The following provides a step-by-step process for installing your new or updated SSL certificate in Linux.

Installing SSL on Linux Servers with Plesk

(1) Login to the Plesk Control Panel, select domains, choose the domain to be updated then select the certificates section.

(2) Click “Add New Certificate” icon.

Installing SSL on Linux with Plesk
click thumbnail for larger view

(3) In “Certificate Name” box, enter filename you would like cert saved as.

Note: It is helpful to make the names something that is easy to identity, such as year of certificate and domain associated (i.e.,

(4) On your local computer, find the certificate and key files provided by your certificate authority. Open them with a text editor such as NotePad or gedit.

Installing SSL on Linux with Plesk
click thumbnail for larger view

(5) Copy the entire contents of each file and paste them in appropriate boxes in Plesk.

Note: Be sure to paste the contents of the files in the appropriate, corresponding boxes.

(6) Click “Send Text” when finished.

(7) Click “Setup” under the “Hosting” section of the domain screen. Choose the new certificate from the drop-down list and click “OK” when finished.

Installing SSL on Linux with Plesk
click thumbnail for larger view

Installing SSL on Linux Servers without Plesk

(1) Upload certificate and key files to the server using S/FTP.

(2) Login to the server via SSH and become the root user using the “su —“ command. Give the root password when prompted.

(3) Move the certificate file to /etc/httpd/conf/ssl.crt

(4) Move the key file to /etc/httpd/conf/ssl.key

Note: When trying to move the files, the ssl.crt and/or ssl.key directory may not exist, so you will need to create those first with a mkdir command.

Installing SSL on Linux without Plesk
click thumbnail for larger view

(5) You’ll want to ensure security of the files by restricting permission for the key using chmod 0400.

Installing SSL on Linux without Plesk
click thumbnail for larger view

(6) Edit the VirtualHost configuration for the domain. This is sually found in etc/httpd/conf.d/ssl.conf

Note: This will edit the SSLCertificateFile and SSLCertificateKeyFile to point to the correct directories with the actual files.

Installing SSL on Linux without Plesk
click thumbnail for larger view

(7) Finally, gracefully restart Apache to load the new configuration.

Rack Blogger is our catchall blog byline, subbed in when a Racker author moves on, or used when we publish a guest post. You can email Rack Blogger at


  1. Great article! Here are a few extra tips:

    1) Some distros by default still generate 1024-bit keys, which as of early Jan 2011 are not accepted by any Certificate Authority (CA) like Verisign or Godaddy. These are no longer secure. When you generate your CSR (certificate signing request), make sure you generate one with a 2048-bit key or larger.

    2) On Ubuntu, the apache directory is “apache2,” not httpd. Otherwise the cert install directions should be pretty much the same.

    • 100% agreed, that some CA do not accept 1024 bit key lengths, but still they can be used, with one restriction, no matter which date of the year cert is generated, it will be expired exactly on 1 of December of that same year. had to generate another one if it is again 1024 bit length will again expire on 31st of December same year.

      1024 bit keys will be valid until 2017, subject to condition that they will expire on 31 of December.

      Reason for that some older version of web servers do not allow you to create a key-length higher then 1024, during those days 1024 bit keys were classed as high strength keys.


Please enter your comment!
Please enter your name here