Loading...

Knowledge Base
Save 25% on a custom website!

How to Install an SSL Certificate on Apache 2.4.8+

Learn how to install your SSL certificate on Apache 2.4.8+. To check for the version number of your Apache server in Linux, execute the following command:

#apache2ctl -version 

or 

#apachectl -version

Prerequisites

Link the CAbundle and your certificate file (sent by your SSL provider) by executing the command below:

> cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt

If you are using Notepad or any GUI Text Editor:

  1. To link the certificate files into a single bundle file, open your domainname.crt and domainname.ca-bundle files using a text editor.
  2. Next, copy all domainname.crt content, then paste it on top of your domainname.ca-bundle file. 
  3. Lastly, save the file and name it as ssl-bundle.crt

Steps to Enable SSL on Apache Server

Note: For Apache SSL configuration best practices, check out Apache's support document.

Below are steps on how to install your SSL certificate on Apache 2.4.8+:

  1. The advanced configuration file in a standard SSL installation under Linux is located in /etc/apache2/mods-enabled/ssl.conf. However, the file that you will need to update or activate the certificate for your website is /etc/apache2/sites-enabled/default-ssl.conf.

    Use the command below to know where Apache pulls its configuration from:


    apache2ctl -V | grep SERVER_CONFIG_FILE
    or just
    apachectl -V | grep SERVER_CONFIG_FILE

    To secure a website with SSL on Ubuntu will be different. Each site's configurations for ports 443 and 80 are located in separate files, which can be found at /etc/apache2/sites-enabled/. You can edit or create a file with the VirtualHost for port 443 to establish a secure connection. To do this, you can duplicate the record for port 80 (which is present in your VirtualHost file by default) and change the port number from 80 to 443. This needs to be added below the non-secure module.
     
  2. In your Virtual Host settings, find your SSL certificate settings. Ensure that the directives below are included within the Virtual Host. If they're missing, please add them:
    • SSLCertificateKeyFile - This is the path to the private_key.key file, which is the initial CSR generation.  
    • SSLCertificateFile - This is the path to the PEM file, which contains the end entity certificate and the intermediates.

      For example:
      <VirtualHost 12.345.678.910:443>
      DocumentRoot /etc/httpd/htdocs

      ServerName comodo.com
      SSLEngine on SSLCertificateFile /usr/local/ssl/crt/ssl-bundle.crt SSLCertificateKeyFile /usr/local/ssl/private/private.key
      </VirtualHost>
     

    Note: File names can be domainname.crt, server.key, etc. Your server may use a different naming convention. You can change the paths to match the files on your server.

  3. To enable OCSP Stapling for your website (for Apache HTTP server 2.3.3+), you can add the directive below to Virtual Host: 

    SSLUseStapling on 
    Also, specify OCSP cache response location and size outside of the Virtual Host section using the SSLStaplingCache directive: 
    SSLStaplingCache shmcb:/tmp/stapling_cache(128000) 

     
  4. After updating your configuration file, check it for syntax errors using the apachectl configtest. If there are no errors, the command will return Syntax Ok.
  5. Restart Apache with the following commands:

    apachectl stop
    apachetl start
  6. To check if you have installed your SSL certificate correctly, you can use Qualys SSL Server Test

Configure Apache on Windows

You can find the configuration file for Apache, such as httpd.conf or ssl.conf. The name of the configuration file may vary depending on the Apache version and the environment you are using on Windows, such as EasyPHP or Wamp.

C:\\Program Files\\Apache Software Foundation\\Apache X.X\\conf\\SSL2015 

C:\\Program Files\\Apache Software Foundation\\EasyPHP\\SSL2015

Troubleshooting SSL Certificate Errors on Apache

To troubleshoot SSL certificate errors on Apache, check out Sectigo's support document.

Review

Discover the steps to install an SSL certificate on an Apache 2.4.8+ server. First, check the Apache server version using command-line instructions. Then, the CA bundle and certificate file can be linked into a single bundle file, which can be done through the command line or a GUI text editor. To enable SSL on the Apache server, locate your Apache configuration files, edit VirtualHost settings for port 443 (establishes a secure connection), and ensure specific SSL directives are included in the configuration.

Did you find this article helpful?

 
* Your feedback is too short

Loading...