Knowledge Base
Install an SSL Certificate for Apache mod_ssl
Apache mod_ssl is a strong cryptographic method for securing Apache servers using SSL or TLS. This guide will walk you through the installation of your certificate.
These are the steps you need to follow to install SSL for Apache mod_ssl:
- Open the ZIP file that you received. Copy all of them to the server where you want to install the certificate.
There will usually be two files there: yoursitename.crt and yoursitename.ca-bundle. - Find the private key that you generated earlier. Move it to the ssl.key folder. You can usually find this folder in /etc/ssl/. Make sure that only Apache can access it.
- Transfer the yoursitename.crt and yoursitename.ca-bundle files to the ssl.crt folder. You can usually find it in the /etc/ssl/ folder.
- Open the file with the SSL configuration. Use a plain text editor for this.
Apache Configuration File:
Fedora/CentOS/RHEL /etc/httpd/conf/httpd.conf Debian and Debian based /etc/apache2/apache2.conf
SSL Configuration File:
Here are some sample names:- httpd-ssl.conf
- ssl.conf
- In the /etc/apache2/sites-enabled/ directory.
NOTE: Please check the documentation for your distribution, especially concerning Apache and SSL. Alternatively, if necessary, consult the Apache Foundation's Apache2 Documentation.
- Find the section of the file relating to VirtualHost. Add the following folders if they are not there already. As always when adding new code, please comment out the already-existing commands and add the new ones.
SSLEngine On SSLCertificateKeyFile /etc/ssl/ssl.key/server.key SSLCertificateFile /etc/ssl/ssl.crt/yoursitename.crt SSLCertificateChainFile * /etc/ssl/ssl.crt/yoursitename.ca-bundle * - If you are using Apache 1.x then you will need to use SSLCACertificateFile, not SSLCertificateChainFile.
NOTE: The paths given above are only examples. Your paths may be different and you should modify them accordingly.
- Save your changes to the configuration file. Then restart Apache.
Congratulations, you're done.
* Your feedback is too short