SSL Store Loading

Apache SSL Certificate Installation Quick Guideline

SSL Certificate Installation Guideline with Quick Steps for Apache

Please click here if you have not yet created a Certificate Signing Request (CSR) and placed an order for your SSL certificate.

For installing your SSL certificate please follow the instructions described below.

Step 1 – Download all the necessary certificates (your Server Certificate and the Intermediate Certificates) from your customer area or from the order completion email provided by your CA.

Now copy them to the directory on your server where you intend to store your key files and certificates. Please ensure to make them readable by root only.

Step 2 – Now find the Apache config file – usually titled "httpd.conf". Generally it is found in /etc/httpd, though it may differ in certain variations of Apache. In the file you may find the <VirtualHost> block in one of the following locations:

  • At the bottom of the httpd.conf files.
  • In a file called 'ssl.conf'
  • In their own files under a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/.

You will want to open the files in a text editor until you locate the <VirtualHost> block.

Step 3 – You will need a virtual host for both the HTTPS and HTTP protocol if you want your website to be accessible with both, secure (https) and non-secure (http) connections. As described in step 4, make a copy of the existing non-secure virtual host and then configure it for HTTPS (SSL).

If you want your website to be exclusively accessible securely via HTTPS, you can configure the existing virtual host for SSL (as described in step 4)

Step 4 – In this step, configure the <VirtualHost> block for the SSL-enabled site. Proceed by un-commenting the following line (by removing the hash '#') from the 'httpd.conf file #Include conf/extras/httpd-ssl.conf', which has most of the SSL-related settings configured out of the box. All you have to do is point the VirtualHost settings to your certificate files, directories and website.

Here is an illustration of a virtual host configured for your SSL certificate:

<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/CA.crt

</VirtualHost>

In the above example, all the parts highlighted in bold are to be added for SSL configuration. Also, to match your file names, you need to adjust the following file names:

  • 'SSLCertificateFile' is the certificate file for your server (e.g. your_domain_name.crt)
  • 'SSLCertificateKeyFile' is the private key that you generated while creating the CSR
  • 'SSLCertificateChainFile' is the intermediate certificate(s) file provided by your CA. If you have multiple Intermediates, some servers may require you to concatenate the files into one. If this file does not work, try using 'SSLCACertificateFile'.

Step 5 – Please make sure you re-check all your Apache config files for any errors as the server will not start again if it has some syntax errors in it. Run the following command to check your Apache server: 'apachectl configtest'.

Step 6 – Conclude the process by restarting the Apache server. Use the following 'apachectl'commands to start/stop with SSL support:

  • apachectl start
  • apachectl stop

Please note, if the 'apachectl start' command fails to work, you can also try using the command 'apachectl startssl' instead. We suggest you to adjust the 'start up configuration' of apache to include the SSL support in the regular 'apachectl start' command, if you find your SSL support loading only with the help of this command. Otherwise, your server may need you to manually restart Apache with the command 'apachectl startssl' during server re-boot, which typically involves the removal of the <IfDefineSSL> and </IfDefine> that enclose your SSL configuration.

Troubleshooting

  • You can rely on our convenient SSL tool to check your newly installed SSL certificate by clicking here.
  • If you receive a warning message that reads "not trusted", you need to check if it indeed is the certificate you just configured. If it is, then it's likely your 'SSLCertificateChainFile' has not correctly configured and you are missing some Intermediate Certificates.
  • If you do not see the expected certificate then you might have another SSL <VirtualHost> block before the one you configured recently. Unless you use the same certificate for all virtual hosts like Wildcard or UC certificate, name-based virtual hosts are not possible with https.

World's Leading Provider of Website Security Solutions