Knowledgebase

Apache (with mod_ssl)  Print this Article

Installing SSL certificate on Apache with mod_ssl
  1. To install certificate you need 2 files: .crt and .ca-bundle
  2. Move all of the certificate related files to their appropriate directories.

    A typical setup:
    • Move the Private Key that was generated earlier to the ssl.key directory, which is typically found in /etc/ssl/. This must be a directory which only Apache can access.
    • Move the yourDomainName.crt and yourDomainName.ca-bundle to the ssl.crt directory, which is typically found in the /etc/ssl/directory.
  3. Edit the file that contains the SSL configuration with text editor.

    Note: The location of this file may vary from each distribution. It will be referenced in the Apache global configuration file. Look for the lines starting with include.

    Apache Configuration File:
    • Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf
    • Debian and Debian based: /etc/apache2/apache2.conf
    Some possible names:
    • httpd-ssl.conf
    • ssl.conf
    • or in the /etc/apache2/sites-enabled/ directory.
    Note: If need be please consult your distribution documentation on Apache and SSL or navigate to the Apache Foundation's Apache2 Documentation.
  4. In the VirtualHost section of the file please add these directives if they do not exist. It is best to comment out what is already there and add the below entries.
    • SSLEngine on
    • SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    • SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
    • SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle (Apache 1.x: Please use SSLCACertificateFile instead of SSLCertificateChainFile).
    Note: The above paths in the directives are only used as examples. Your server may have a different path and may need to be modified to suit your needs.
  5. Save your config file and restart the Apache service.

Was this answer helpful?

Related Articles

What is CSR and who needs it?
A Certificate Signing Request is a text generated on the server that is used to create your SSL...
Apache/OpenSSL
To generate a pair of private key and public Certificate Signing Request (CSR) for a webserver,...
Apache (Multi-Domain version)
To generate CSR file which includes more than one Fully Qualified Domain Name, you need to...
Apple Mac OS X Server
CSR is generated in 2 steps.I. Private key generation1. Log into server and open...
Barracuda SSL VPN
Generating a Certificate Signing Request for Barracuda VPNFrom the appliance web interface,...