Loading...

Knowledge Base
Save 25% on a custom website!

How to Install Certificates on Apache Open SSL

Securing your Apache server with SSL certificates is important for protecting data and ensuring secure communication. This guide is a walkthrough on how to install certificates on Apache. From generating a CSR (Certificate Signing Request) to configuring your server, we’ll cover each step in detail to help you achieve a secure and encrypted connection for your website.

In this article, we will discuss:

Apache Server SSL Certificate Installation

SSL Certificate Installation in Apache. Please make sure to copy the Certificate files to your server.

  1. Download Intermediate and Primary Certificate files from the Customer Area. Copy the files to the server's directory where you will keep the certificate and key files. Be sure to set permissions so that only the root user can read them.
  2. Find the Apache config file to edit.
    1. The configuration file's location and name can vary between servers, especially if you're using a specialized UI to manage the configuration of your server. 
    2. The main configuration file of Apache usually has a name of httpd.conf or apache2.conf. The possible locations for the file are /etc/httpd/ or /etc/apache2/.
    3. Usually, You can locate the SSL Certificate configuration in a <virtualhost> with a different configuration file. They may be under /etc/httpd/sites/, /etc/httpd/vhosts.d/, or in a file called httpd-ssl.conf.
    4. Using the command grep to search is a method to find the SSL configuration on Linux distributions. 
    5. You can run the command below:  

      grep -i -r "SSLCertificateFile" /etc/httpd/

      For your Apache installation, the base directory should be /etc/httpd/

  3. Identify the SSL block for configuration.
    1. You need a virtual host for each type of connection if you need your website to have both secure (https) and non-secure (http) connections. Make a copy of the non-secure virtual host and configure the SSL. Follow what's in step 4.
    2. Configure the existing virtual host for SSL if you only need your site to be accessed securely as described in step 4.
  4. Configure the block for the SSL-enabled site.
    1. The bold parts listed must be added to the SSL configuration. Below is an example of a virtual host configured for SSL: 

      <virtualhost 192.168.0.1:443="">
      DocumentRoot /var/www/html2 ServerName www.yourdomain.com
      ... on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/XYZ.crt
      </virtualhost>

    2. Change the name of the files to match your certificate file:
      • SSLCertificateFile should be your certificate file (e.g., your-domain-name.crt).
      • SSLCertificateChainFile should be the generated key file when you create the CSR.
      • SSLCertificateChainFile should be the intermediate certificate file (XYZ.crt).
    3. Try using the SSLCACertificateFile directive instead if the SSLCertificateChainFile directive does not work.
  5. Before restarting, test your Apache configuration.
    1. It is best to test your Apache config files for any errors before attempting to restart. Apache will not start if your config files have syntax errors. Run the command listed below:

      apachectl configtest
      (it is apache2ctl on some systems)

  6. Restart apache.
    1. Below are the apachectl commands to stop and start Apache with SSL support:

      apachectl start
      apachectl stop

Note: Try to use apachectl startssl as a substitute to apachectl start If Apache doesn't start with SSL support. If SSL support is only loading with apachectl startssl, tweak the startup configuration of Apache to enable SSL support in the regular apachectl start command. Otherwise, you may need to manually restart Apache using apachectl startssl after a server reboot, usually by removing the end tags enclosing your SSL configuration.

Review

Well, thanks to this guide, you should now be able to install SSL certificates into your Apache server using OpenSSL. This means locking up data kept at your website, and hence keeping it secure for you and your users. This level of security will be kept consistent by constantly updating and renewing the certificates.

Did you find this article helpful?

 
* Your feedback is too short

Loading...