How to install SSL on GCE [Wordpress + Apache]

Posted 2019-02-19 17:39

Question:

I created a privatekey file using openssl command:

openssl genrsa -des3 -out private.key 2048

Entered my password, and followed by generating CSR:

openssl req -new -key privatekey.key -out csrkey.csr

I use this CSR key to create my SSL certificate through RapidSSL. They issued me 3 certificates ending in .cer, namely:

  1. CACertificate-1.cer
  2. CACertificate-2.cer
  3. ServerCertificate-1.cer

I uploaded all of these certificates to the /etc/apache2/ folder.

/etc/apache2/ contains:

  • CACertificate-1.cer
  • CACertificate-2.cer
  • ServerCertificate-1.cer
  • Privatekey.key
  • Csrkey.csr
  • Chain.ctr (I got this from Rapid SSL as an intermediate certificate)

I then had to add the code to /etc/apache2/apache2.conf:

<VirtualHost _default_:443>
SSLEngine on
DocumentRoot /var/www/html
ServerName example.co.uk
SSLEngine on
SSLCertificateFile /etc/apache2/CACertificate-1.cer
SSLCertificateKeyFile /etc/apache2/privatekey.key
SSLCertificateChainFile /etc/apache2/chain.ctr
</VirtualHost>

My /etc/apache2/apache2.conf file didn't have the <VirtualHost>; when I tried to restart apache it said "SSLEngine command not defined in this module". So I had a look around and found /etc/apache2/sites-available/default-ssl.conf, which did contain <VirtualHost>.

I proceeded by adding the code above and restarting apache using

sudo apachectl restart

But https://example.co.uk is giving me a grey screen: SSL connection error

ERR_SSL_PROTOCOL_ERROR: Unable to make a secure connection to the server. This may be a problem with the server, or it may be requiring a client authentication certificate that you don't have.

Answer 1:

Here are the steps to enable the HTTPS protocol of your Apache service on Google Compute Engine (you can safely skip those steps that you've already taken):

  1. Create a secure directory to install and protect your keys

$ sudo mkdir /etc/apache2/ssl.crt
$ cd /etc/apache2/ssl.crt

  2. Generate a private key

$ sudo openssl genrsa -out example.key 2048

  3. Generate a certificate signing request (CSR)

$ sudo openssl req -new -key example.key -out example.csr

  4. You can use your new CSR to obtain a valid certificate from a certificate authority (CA). Alternatively, you can generate a self-signed certificate by running the following command

$ sudo openssl x509 -req -days 365 -in example.csr -signkey example.key -out example.crt

Caution: Self-signed certificates are not suitable for public sites. While a self-signed certificate implements full encryption, it will cause most browsers to present a warning or error when visitors try to access your site. The above command is provided for testing purposes only.

  5. Open Apache’s SSL site configuration file for editing

$ sudo nano /etc/apache2/sites-available/default-ssl.conf

  6. Edit the following directives’ values

SSLCertificateFile /etc/apache2/ssl.crt/example.crt
SSLCertificateKeyFile /etc/apache2/ssl.crt/example.key

  7. Uncomment and edit the SSLCertificateChainFile value, if you got a certificate chain file from your CA

SSLCertificateChainFile /etc/apache2/ssl.crt/server-ca.crt

  8. Save the configuration file and close it.

  9. Now enable this site configuration file

$ sudo a2ensite default-ssl.conf

  10. You can use the command below to verify and see configuration errors

$ sudo apachectl configtest

  11. Restart the Apache service

$ sudo service apache2 restart

  12. Add/enable GCE firewall rules for the following protocol:port pairs for your VM instance

tcp:80 and tcp:443