How to install an SSL certificate on Apache?

Required steps

1. Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: your-domain.com.crt and your-domain.com.ca-bundle

Note: In case you did not receive a Bundle from Sectigo in the email, you have to download and concatenate the following files in this order:

Your PositiveSSL Certificate - your-domain.com.crt
Intermediate CA Certificate - SectigoRSADomainValidationSecureServerCA.crt
Intermediate CA Certificate - USERTrustRSAAddTrustCA.crt
Root CA Certificate - AddTrustExternalCARoot.crt

The first file (your-domain.com.crt) can be obtained from the web panel at ClouDNS. The remaining 3 files must be downloaded from Sectigo.

Example command for Linux:

cat your-domain.com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt AddTrustExternalCARoot.crt > your-domain.com.ca-bundle

Example command for Windows:

type your-domain.com.crt SectigoRSADomainValidationSecureServerCA.crt USERTrustRSAAddTrustCA.crt AddTrustExternalCARoot.crt > your-domain.com.ca-bundle

2. Move all of the certificate-related files to their appropriate directories.

Move the Private Key that was generated earlier to the ssl.key directory, which is typically found in /etc/ssl/. This must be a directory which only Apache can access.
Move the your-domain.com.crt and your-domain.com.ca-bundle to the ssl.crt directory, which is typically found in the /etc/ssl/ directory.

Note: In case you did not receive a Bundle from Sectigo in the email, please refer to step 1 in this article.

3. Edit the file that contains the SSL configuration with your favorite text editor.

Examples: nano, vi, pico, emacs, mousepad, notepad, notepad++, etc.

Note: The location of this file varies between distributions. It is referenced from the Apache global configuration file; look for the lines starting with Include.

Apache Configuration File:

Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf
Debian and Debian based: /etc/apache2/apache2.conf

SSL Configuration File:
Some possible names:
httpd-ssl.conf
ssl.conf
In the /etc/apache2/sites-enabled/ directory.

Note: If need be, please consult your distribution's documentation on Apache and SSL, or navigate to the Apache Foundation's Apache2 Documentation.

4. In the VirtualHost section of the file please add these directives if they do not exist. It is best to comment out what is already there and add the below entries.

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/your-domain.com.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/your-domain.com.ca-bundle

Apache 1.3.x:

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/your-domain.com.crt
SSLCACertificateFile /etc/ssl/ssl.crt/your-domain.com.ca-bundle

Apache 2.x:

SSLEngine on
SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
SSLCertificateFile /etc/ssl/ssl.crt/your-domain.com.crt
SSLCertificateChainFile /etc/ssl/ssl.crt/your-domain.com.ca-bundle
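
Before restarting Apache, the files prepared in steps 1 and 2 can be sanity-checked. The script below is an added example, not part of the original article or of any Sectigo or ClouDNS tooling: it checks that a self-concatenated bundle holds the expected number of intact PEM blocks, contains no private key, and that the key file is not accessible to group or others. The function names check_bundle, check_key_private and make_sample, the placeholder file contents and the temporary directory are constructed for illustration; the count of 4 corresponds to the four files listed in step 1.

```shell
#!/bin/sh
# Added example; function names and sample file contents are constructed.

# check_bundle FILE COUNT: 0 if FILE holds exactly COUNT intact PEM certificates.
check_bundle() {
    bundle=$1; expected=$2
    [ -r "$bundle" ] || { echo "cannot read $bundle" >&2; return 2; }
    # The bundle is stored in ssl.crt, so it must never contain the private key.
    if grep -q -e 'PRIVATE KEY-----' "$bundle"; then
        echo "$bundle: contains a private key" >&2; return 1
    fi
    # An input file without a trailing newline makes cat/type fuse two markers.
    if grep -q -e '-----END CERTIFICATE-----.*-----BEGIN CERTIFICATE-----' "$bundle"; then
        echo "$bundle: END and BEGIN markers fused on one line" >&2; return 1
    fi
    begins=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$bundle" || true)
    ends=$(grep -c -e '^-----END CERTIFICATE-----' "$bundle" || true)
    if [ "$begins" -ne "$expected" ] || [ "$ends" -ne "$expected" ]; then
        echo "$bundle: $begins BEGIN / $ends END markers, expected $expected" >&2
        return 1
    fi
}

# check_key_private FILE: 0 if group and others have no permission bits on FILE.
check_key_private() {
    perms=$(ls -ld "$1" 2>/dev/null | cut -c5-10)
    [ "$perms" = "------" ] || { echo "$1: missing or accessible to group/others" >&2; return 1; }
}

# make_sample DIR: write constructed placeholder files (not real certificates).
make_sample() {
    for name in your-domain.com SectigoRSADomainValidationSecureServerCA \
                USERTrustRSAAddTrustCA AddTrustExternalCARoot; do
        printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
            '-----END CERTIFICATE-----' > "$1/$name.crt"
    done
    printf '%s\n' '-----BEGIN PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END PRIVATE KEY-----' > "$1/server.key"
    chmod 600 "$1/server.key"
}

dir=$(mktemp -d)
make_sample "$dir"
( cd "$dir" && cat your-domain.com.crt SectigoRSADomainValidationSecureServerCA.crt \
    USERTrustRSAAddTrustCA.crt AddTrustExternalCARoot.crt > your-domain.com.ca-bundle )
check_bundle "$dir/your-domain.com.ca-bundle" 4 \
    && check_key_private "$dir/server.key" \
    && echo "bundle and key checks passed"
```

On a real server, call the two check functions with the paths used in the VirtualHost directives and the number of certificates you concatenated.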

Single SSL on multiple servers

It is now common for a single website to be served by multiple web servers. If this is your case, you do not have to buy an SSL certificate for each server; you can use one single SSL certificate for all of them. To do so, install on each web server the Private Key from the web server on which the CSR was generated, together with the certificates sent by Sectigo. Keep in mind that if you are using a Wildcard SSL certificate, the CSR must be generated with a wildcard. For example, if you generate a CSR for a Wildcard SSL certificate for the domain name domain.com, the CSR must be generated for *.domain.com.

Notes:
If you have chosen to have a password on your private key, you will be prompted to enter it each time Apache is started or restarted. Apache will not fully start until the password is entered.

The configuration file is often called httpd.conf or apache.conf, although sometimes the SSL-specific section is placed in a separate file called ssl.conf and linked from the main configuration by an 'Include' command. Sometimes, the VirtualHost section will be in a specific file for that site, in a sub-directory often labelled sites-enabled/.

Much of the layout of Apache's configuration files and directory naming conventions is controlled by the distribution of OS you are using. It is recommended that you look at the distribution's own site and documentation to confirm the locations.


Last modified: 2024-02-06