openssl req -new -newkey rsa:2048 -nodes -keyout domainname.key -out domainname.csr
Put below settings in /etc/apache2/sites-enabled/default_ssl and change necessary settings.
< IfModule mod_ssl.c>
< VirtualHost _default_:443>
ServerAdmin webmaster@localhost
ServerName domain.com
DocumentRoot /home/ubuntu/folder_name
<Directory /home/ubuntu/folder_name>
Options FollowSymLinks
AllowOverride All
Require all granted
</Directory>
ErrorLog /var/log/apache2/domainname.log
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn
CustomLog /var/log/apache2/domainname.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certs/domainname.com.crt
SSLCertificateKeyFile /etc/ssl/private/domainname.com.key
SSLCertificateChainFile /etc/ssl/certs/gs_intermediate_ca.crt
SSLCertificateChainFile /etc/ssl/certs/domainname.com.ca-bundle
#SSLOptions +FakeBasicAuth +ExportCertData +StrictRequire
<FilesMatch "\.(cgi|shtml|phtml|php)$">
SSLOptions +StdEnvVars
</FilesMatch>
<Directory /usr/lib/cgi-bin>
SSLOptions +StdEnvVars
</Directory>
# SSL Protocol Adjustments:
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
## For Vulnerability
SSLProtocol All -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite EECDH+ECDSA+AESGCM:EECDH+aRSA+AESGCM:EECDH+ECDSA+SHA384:EECDH+ECDSA+SHA256:EECDH+aRSA+SHA384:EECDH+aRSA+SHA256:EECDH+aRSA:EECDH:EDH+aRSA:!aNULL:!eNULL:!LOW:!3DES:!MD5:!EXP:!PSK:!SRP:!DSS!RC4
< /VirtualHost>
< /IfModule>
