USD 
GBP 
CAD 
INR 
AUD 
SGD 
Your website must be secured to protect your data and visitors. Installing an SSL (Secure Socket Layer) certificate on your Apache server is one of the most effective ways to secure your website. SSL certificate protects the information exchanged by encrypting the communication between your site and its users.
This guide will take you through the steps to install an SSL certificate on an Apache server.
Generating a Certificate Signing Request (CSR) On Apache
Before you can install an SSL certificate, you need to create a Certificate Signing Request (CSR). This is an important stage during the SSL installation process as the Certificate Authority (CA) requires information such as your organization name, domain, email, etc. to issue your SSL certificate.
Steps to Generate a CSR:
- Access your server via SSH.
-
Use OpenSSL to create the CSR with the following command:
openssl req -new -newkey rsa:2048 -nodes -keyout your_private.key -out your_csr.csr
This command generates two files:
- A private key file (your_private.key)
- A CSR file (your_csr.csr)
- Submit the CSR to your chosen CA for signing. Please note that you should never share the private key with your CA.
How to Install an SSL Certificate on Apache
Once you have received your SSL certificate from the CA, you can proceed to install it on your Apache server. Installing an SSL certificate on Apache involves several steps:
Step 1: Get the Necessary SSL Certificate Files
To begin the SSL installation process, you must first obtain the necessary certificate files from your Certificate Authority (CA). After purchasing your SSL certificate, you will typically receive a ZIP file containing the following essential components:
-
Primary Certificate File (.crt)
This is the main server certificate that confirms your domain’s identity.
-
CA Bundle File (.ca-bundle)
This includes the root as well as the intermediate certificates. This file is crucial for compatibility with various browsers and applications. It helps establish a chain of trust and omitting these certificates may lead to your site being flagged as insecure.
Along with these two files make sure you have the private key file ready, which was generated during the CSR creation process.
If the CA bundle consists of multiple files instead of one .ca-bundle file, you can combine them into a single CA bundle file for easier management using the below command.
cat IntermediateCA1.crt IntermediateCA2.crt RootCA.crt > combined_bundle.crt
This command will merge the specified intermediate and root certificate files into one file named combined_bundle.crt, simplifying the configuration process later.
Step 2: Locate the Apache Configuration File
The main configuration file for Apache is typically named httpd.conf or apache2.conf. The location may vary depending on your operating system.
For many Linux distributions, it can be found in etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf.
To find out where your configuration files are located, you can use:
grep -i -r "SSLCertificateFile" /etc/httpd/
Step 3: Modify the Virtual Host Configuration
To enable SSL for your website, you need to modify or create a <VirtualHost> block in your configuration file. If you already have a <VirtualHost> file, then before you begin editing, it’s a good practice to back up the existing configuration file.
Here’s a basic sample of what your <VirtualHost> file should look like:
<VirtualHost *:443> DocumentRoot /var/www/html ServerAdmin webmaster@yourdomain.com ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCertificateChainFile /path/to/combined_bundle.crt </VirtualHost>
Note: Replace /path/to/ with the actual paths to your files.
Make sure that the <VirtualHost> specifies port 443, which is essential for handling secure HTTPS traffic. The SSLEngine must be set to ON to activate SSL encryption. You will also need to specify the paths to your SSL certificate files using the following directives:
-
SSLCertificateFile
This refers to the main SSL certificate file provided by your CA.
-
SSLCertificateKeyFile
This should point to the private key file you generated during the CSR creation process.
-
SSLCertificateChainFile
This indicates the CA bundle file.
Step 4: Save Changes and Restart Apache Server
After modifying the configuration file, save your changes and test the configuration for any syntax errors using:
apachectl configtest
If there are no errors, restart Apache to apply the changes:
sudo systemctl restart apache2
or
sudo service httpd restart
or
apachectl restart
Testing SSL installation
It’s important to verify that your SSL certificate is installed correctly once you have restarted your Apache server. You can do this by:
- Visiting your website using https:// in the browser’s address bar, this indicates that the connection is secure.
- You can also use tools like SSL Checker to check if your SSL was installed correctly.
Where to buy an SSL Certificate for Apache?
SSL2BUY is the perfect place to buy SSL certificates at affordable prices. Enjoy top-notch security features while effectively protecting your website. With strong encryption and compliance with industry standards, our SSL certificates provide secure data transmission. Plus, our easy installation process makes website security hassle-free.
