Certificate Installation: Apache

Installing a certificate using Apache (with mod_ssl) & OpenSSL

You should have received your certificate from us, a file typically named 'your_domain_com.crt' as well as the 'CA bundle' file containing the intermediate certificates, typically named 'your_domain_com.ca-bundle'. [or download the Ca Bundle]

Installing the certificate requires you to be able to make changes to Apache's configuration files, and restart the Apache server process. Please ensure you can do this before you continue. Also, you will need a Dedicated IP for the SSL domain. You cannot install the SSL on to a IP where are more then one domains!

1. Copy the certificate and CA bundle file to your server, into a directory where you plan to keep your certificates.
   This is commonly /etc/ssl/.



2. You will now need to edit the Apache configuration file. The location of this file can vary depending on your distribution (Windows, Debian/CentOS/Fedora/etc. Linux) and the version of Apache you are using.
   Locate the file and open it in your preferred editor.



3. Locate the VirtualHost section for the ssl-enabled site you are installing the certificate for. This will commonly begin .



4. Add the following lines into the VirtualHost section, making sure to change the paths of the files to correspond to the locations of the files on your server.

 

Apache 1.3.x:

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCACertificateFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle

Apache 2.x:

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle

 

5. Save the changes to the file. Now you will need to restart Apache. It is sometimes required to 'stop' then 'start' Apache, instead of issuing the 'restart' command for the changes to take effect.

Notes:
If you have chosen to have a password on your private key, you will be prompted to enter it each time Apache is started or restarted. Apache will not fully start until the password is entered.

The configuration file is often called httpd.conf or apache.conf, although sometimes the SSL-specific section is placed in a separate file called ssl.conf and linked from the main configuration by an 'Include' command. Sometimes, the VirtualHost section will be in a specific file for that site, in a sub-directory often labelled sites-enabled/.

Much of the layout of Apache's configuration files and directory naming conventions is controlled by the distribution of OS you are using. It is recommended that you look at the distribution's own site and documentation to confirm the locations:
Debian, CentOS, Fedora etc.