How to Install an SSL Certificate on Apache 2.4.8+
Learn how to install your SSL certificate on Apache 2.4.8+. To check for the version number of your Apache server in Linux, execute the following command:
#apache2ctl -version
or
#apachectl -version
Prerequisites
Link the CAbundle and your certificate file (sent by your SSL provider) by executing the command below:
> cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt
If you are using Notepad or any GUI Text Editor:
- To link the certificate files into a single bundle file, open your domainname.crt and domainname.ca-bundle files using a text editor.
- Next, copy all domainname.crt content, then paste it on top of your domainname.ca-bundle file.
- Lastly, save the file and name it as ssl-bundle.crt.
Steps to Enable SSL on Apache Server
Below are steps on how to install your SSL certificate on Apache 2.4.8+:
- The advanced configuration file in a standard SSL installation under Linux is located in /etc/apache2/mods-enabled/ssl.conf. However, the file that you will need to update or activate the certificate for your website is /etc/apache2/sites-enabled/default-ssl.conf.
Use the command below to know where Apache pulls its configuration from:
apache2ctl -V | grep SERVER_CONFIG_FILE
or just
apachectl -V | grep SERVER_CONFIG_FILE
To secure a website with SSL on Ubuntu will be different. Each site's configurations for ports 443 and 80 are located in separate files, which can be found at /etc/apache2/sites-enabled/. You can edit or create a file with the VirtualHost for port 443 to establish a secure connection. To do this, you can duplicate the record for port 80 (which is present in your VirtualHost file by default) and change the port number from 80 to 443. This needs to be added below the non-secure module.
- In your Virtual Host settings, find your SSL certificate settings. Ensure that the directives below are included within the Virtual Host. If they're missing, please add them:
- SSLCertificateKeyFile - This is the path to the private_key.key file, which is the initial CSR generation.
- SSLCertificateFile - This is the path to the PEM file, which contains the end entity certificate and the intermediates.
For example:
<VirtualHost 12.345.678.910:443>
DocumentRoot /etc/httpd/htdocs
ServerName comodo.com
SSLEngine on SSLCertificateFile /usr/local/ssl/crt/ssl-bundle.crt SSLCertificateKeyFile /usr/local/ssl/private/private.key
</VirtualHost>
Note: File names can be domainname.crt, server.key, etc. Your server may use a different naming convention. You can change the paths to match the files on your server.
- To enable OCSP Stapling for your website (for Apache HTTP server 2.3.3+), you can add the directive below to Virtual Host:
SSLUseStapling on
Also, specify OCSP cache response location and size outside of the Virtual Host section using the SSLStaplingCache directive:
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
- After updating your configuration file, check it for syntax errors using the
apachectl configtest
. If there are no errors, the command will return Syntax Ok. - Restart Apache with the following commands:
apachectl stop
apachetl start
- To check if you have installed your SSL certificate correctly, you can use Qualys SSL Server Test.
Configure Apache on Windows
You can find the configuration file for Apache, such as httpd.conf or ssl.conf. The name of the configuration file may vary depending on the Apache version and the environment you are using on Windows, such as EasyPHP or Wamp.
C:\\Program Files\\Apache Software Foundation\\Apache X.X\\conf\\SSL2015
C:\\Program Files\\Apache Software Foundation\\EasyPHP\\SSL2015
Troubleshooting SSL Certificate Errors on Apache
To troubleshoot SSL certificate errors on Apache, check out Sectigo's support document.
Review
Discover the steps to install an SSL certificate on an Apache 2.4.8+ server. First, check the Apache server version using command-line instructions. Then, the CA bundle and certificate file can be linked into a single bundle file, which can be done through the command line or a GUI text editor. To enable SSL on the Apache server, locate your Apache configuration files, edit VirtualHost settings for port 443 (establishes a secure connection), and ensure specific SSL directives are included in the configuration.