Stepwise Guide to Install SSL certificate on Apache Server

4 votes, average: 5.00 out of 54 votes, average: 5.00 out of 54 votes, average: 5.00 out of 54 votes, average: 5.00 out of 54 votes, average: 5.00 out of 5 (4 votes, average: 5.00 out of 5, rated)

A simple guide that assists you in the installation of SSL on Apache Server

Install SSL Certificate on ApacheSSL installation has become a necessity in this era of e-commerce. There are varieties of easy-to-install SSL certificates available in the market today. However, the installation process always has a tendency to go wrong if it is not performed in an accurate way. Here, we provide you with an easy to follow guide for installing an SSL certificate on Apache server. But before that, let’s take a look at some information about Apache Server.

A group of programmers developed Apache in 1995. It is a freely available open-source HTTP server. It is highly compatible with many of the modern operating systems like UNIX, FreeBSD, Linux, OpenVMS, Solaris, Novell NetWare, Windows NT, etc. Distributed by the Apache Software Foundation, Apache provides a full range of web server features. It is one of the most popular Web servers preferred by the users. As of June 2013, Apache was estimated to be serving 54.2% of active websites and 53.3% of top servers across all the domains.

Please follow the steps mentioned below for installing SSL and Extended Validation (EV) SSL certificate on Apache (with mod_ssl) & OpenSSL.

Note: Installation procedure would need you to make changes to Apache’s configuration files and then restart the Apache server at the end of the process. So please ensure that your system is capable to perform these tasks.

Install SSL certificate on Apache (with mod_ssl) & OpenSSL:

Step 1:
Copy the certificate, ‘your_domain_com.crt’ along with the CA bundle that contains the intermediate certificate, normally called ‘Apache_Plesk_Install.txt’ to your server where all the certificates and key files are stored. Generally, it is ‘/etc/ssl’.

Step 2:
Proceed by editing the Apache configuration file. Its location may vary depending on your distribution (Windows, Debian/CentOS/Fedora/etc. Linux) and the Apache version that you are using. After locating the file open it in any of your preferred editors.

Step 3:
Now locate the <VirtualHost> section for the SSL-enabled site on which you are installing the certificate. This would begin as <VirtualHost>.

Step 4:
In this step add the following lines into the VirtualHost section. Please make sure to change the paths of the files to match the locations of the files on your server.

Apache 1.3.x:

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCACertificateFile /etc/ssl/ssl.crt/Apache_Plesk_Install.txt

Apache 2.x:

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/Apache_Plesk_Install.txt

Step 5:
Save these changes to the file. Now restart Apache. For the changes to take effect, you will need to ‘Stop’ and then ‘Start’ the server instead of using the command ‘Restart’.

NOTE: If you have secured your private key with a password, you’ll be prompted each time to enter it. Until the password is entered, Apache won’t start completely.
The configuration file is often called httpd.conf or apache.conf, however, sometimes the SSL-enabled connection is placed in a separate file called ssl.conf. It is then linked from the main configuration with the help of an ‘Include Comment’. Occasionally the VirtualHost section will be in a specific file for that particular site, in a sub-directory often labeled as sites-enabled/.

Install EV SSL certificate on Apache (with mod_ssl) & OpenSSL:

Step 1:
Copy Domain certificate file to Directory on Apache Server

First of all, download your certificate files. The domain certificate will be called your_domain_name.crt. It would, typically, be found in a *zip file. It can also be downloaded, alternatively from the section in Account Manager called ‘Optional Download: Individual Certificate Files’.

When it is viewed in a text editor, your certificate would look like this:


Now, copy your certificate into the same directory as that in your Private Key. For this example we would be using ‘/etc/ssl/crt/’, while the private key used will be labeled ‘private.key’ and the public key would be ‘your_domain_name.crt’.

Here it is advisable for you to make the directory that contains the private key file only readable by root.

Step 2:
Intermediate Certificate Installation

For having the browsers trust your SSL certificate, you will need to install the intermediate CA certificates. They are contained within the ‘Apache_Plesk_Install.txt’ file. This can be downloaded from the section of ‘Optional Download: Individual Certificate Files’ in the Account Manager.

As an alternative to that, you can easily create the file for yourself by merging the ‘UTNAddTrustServer_CA.crt’ file, the ‘ComodoUTNServerCA.crt’ and the ‘ComodoEVSSLCA.crt’ content, which will be above the content of ‘ComodoEVSSLCA.crt’.

The files can be found in a *zip file or they need to be downloaded individually from the section of ‘Optional Download: Individual Certificate Files’ in Account Manager. Please make sure there are no white spaces in the combined files.

Here, you are recommended to use the .txt file.

Follow these steps to get the files correctly referenced in the relevant ‘Virtual Host’ section for your site.

Step A:
First of all, copy the ‘Apache_Plesk_Install.txt’ file to the directory where all the certificates and key files are stored. In one of the previous steps, we referred to it as ‘/etc/ssl/crt/’.

Step B:
Now add the following line to the SSL section of the ‘httpd.conf’ file. And just like the above step, copy it to ‘/etc/ssl/crt/’ (which is where you have copied the intermediate CA file). In case the line already exists, adjust it as follows:

SSLCertificateChainFile /etc/ssl/crt/Apache_Plesk_Install.txt

Step C:
If you are using different location and file names, then to reflect the change, you need to change the path and filename. The SSL section of the uploaded ‘config’ should now read:

SSLCertificateFile /etc/ssl/crt/yourDOMAINNAME.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCertificateChainFile /etc/ssl/crt/Apache_Plesk_Install.txt

Step D:
In this final step of the installation procedure, all you need to do is just save the ‘config’ and restart ‘Apache’.

Related Post: