After generating Certificate Signing Request (CSR) for Apache, next step is to install SSL certificate on Apache. To secure communication over server, you need to install SSL certificate properly on server. In this helpful article, we will reveal about SSL certificate installation process on Apache & Mod_SSL.
Install SSL Certificate on Apache with Mod_SSL
- You will have zip file usually sent by the certificate authority, this file contains main certificate file and root and intermediate certificate files (CA Bundle). Extract these files to server.
- First, move all-important files like private key to ssl.key directory (created with the CSR) that can be found in /etc/ssl/.
- Now, move certificate file (mydomain.crt) and CA bundle (root and intermediate files) to ssl.crt directory that is also found in /etc/ssl/ directory.
- Now, open Apache httpd.conf file with text editor, notepad or, notepad++. You will have SSL configuration file with names like httpd-ssl.conf and ssl.conf in In the /etc/apache2/sites-enabled/ directory.
PS. It may happen that the location of file may differ from each distribution. Look for the lines begin with Include in Apache Global Configuration File.
- Go to Apache Configuration File. If you are using Fedora/CentOS/RHEL operating system, you will have below Apache configuration file:
- If you are using Debian and Debian based operating system, you will have below Apache configuration file:
- You will have SSL configuration file with names like httpd-ssl.conf and ssl.conf in the /etc/apache2/sites-enabled/ directory.
- Browse VirtualHost section of the file and add below directives if they are not present.
SSLEngine on SSLCertificateKeyFile /etc/ssl/ssl.key/server.key SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle ***
- You can see below file in Apache 2.x version.
Apache 2.x: SSLEngine on SSLCertificateKeyFile /etc/ssl/ssl.key/server.key SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle
- At last, save your config file and restart the Apache server.
We suggest you to check your website using SSL checker tool, it will help you find SSL errors.