fbpx
  1. Home
  2. Knowledge Base
  3. SSL Certificate Guides
  4. Install SSL Certificate
  5. Apache
  6. How to Install Your SSL Certificate on an Apache HTTP Web Server

How to Install Your SSL Certificate on an Apache HTTP Web Server

This guide provides step-by-step instructions for installing your certificate in Apache HTTP Server.

Note: As of version Apache 2.4.8, the default configuration options have changed.


1. Copy your PEM-format certificate to your server

This includes your server certificateand an intermediate certificate.

Your server certificate can be obtained from the delivery e-mail or in the customer portal. The intermediate certificate used will vary depending on the product type. If it is not included in the delivery mail, it can be found in our Knowledge Base in the Intermediate Certificate section. 

PEM-format should always include the “—–BEGIN—–” and “—–END—–” tags, such as:

 SSL Certificate on an Apache HTTP Web Server 

Note: The private key would have been generated along with the certificate signing request (CSR); it may very well already be on the server. If the private key is lost, you will need to reissue your certificate. 
 

2. Open your Apache configuration file for editing

This will generally be found in one of the following locations, depending on your OS.

On CentOS/RedHat:

/etc/httpd/httpd.conf
/etc/httpd/sites-enabled/name-of-virtualhost.conf

 
On Debian/Ubuntu:

/etc/apache2/apache2.conf
/etc/apache2/sites-enabled/name-of-virtualhost.conf

Note: The configuration may be in a different location.
 
3. Configure your virtual host to use the certificate

<VirtualHost xxx.xxx.x.x:443>

    DocumentRoot /var/www/examplesite

    ServerName example.com

    ServerAlias www.example.com

    SSLEngine on

    SSLCertificateFile /path/to/examplesite.crt

    SSLCertificateKeyFile /path/to/privatekey.key

    SSLCertificateChainFile /path/to/intermediate.crt

</VirtualHost>


4. Point the following directives to the corresponding certificate:

  • SSLCertificateFile: This should point to your server certificate
  • SSLCertificateKeyFile: This should point to your server’s private key
  • SSLCertificateChainFile: This should point to the intermediate certificate for your product

Note: As of Apache 2.4.8, the SSLCertificateChainFile directive was deprecated and SSLCertificateFile was extended to support intermediate certificates. Adding the intermediate certificate to the end of your certificate will create a chain file for your server

5. Test your updated configuration:

Depending on your system, run the command:

apachectl configtest
or
apache2ctl configtest

This will detect any errors in your configuration such as mismatched public & private keys, or an incorrect path. 
 
6. Restart the Apache service

For older versions of Red Hat Enterprise Linux use init scripts as stated below.

CentOS/RedHat:
service httpd restart

Debian/Ubuntu:
service apache2 restart

For Red Hat Enterprise Linux 7 or CentOS 7.0 use the following commands.

CentOS/RedHat:
systemctl restart httpd.service

Debian/Ubuntu:
systemctl restart apache2.service

Note: Some Apache configurations may show an entry for SSLCACertificateFile. This field is only needed if you use Apache for client authentication. The SSLCACertificateFile would point to a CA certificate or directory of CA certificates that issue certificates you accept for client authentication. 

 

Was this article helpful?