How to Install an SSL Certificate on Apache?

1 Star2 Stars3 Stars4 Stars5 Stars (6 votes, average: 4.83 out of 5)
Loading...
Install an SSL Certificate on Apache

Install an SSL Certificate on Apache: A Step-By-Step Guide

Ready to secure your Apache web server like a pro? It is a breeze to install SSL Certificate on Apache with our step-by-step guide. No more worrying about cyber threats; encrypt your website with ease and take control of your online security.

Before Generating CSR and Installation, you need to Purchase SSL Certificate!

~ Starts at Just $3.99

Generating a Certificate Signing Request (CSR)

Creating a CSR on Apache is a crucial step in acquiring an SSL certificate. This small text file contains information about your domain and/or company and must be submitted to the Certificate Authority (CA) during the SSL application process.

You have two options to generate the CSR: automatically using a CSR Generator or manually generating it. Once the CA has signed and sent the SSL Certificate, you can proceed with the installation on your Apache server.

Also Read: How to Install an SSL in Apache OpenSSL?

Install an SSL Certificate on Apache

Once the CA has signed and sent the SSL Certificate, you can proceed with the installation on your Apache server. These are the steps.

Step 1: Obtain the Necessary SSL Certificate Files

Retrieve and unzip the following files from the zip folder provided by your Certificate Authority:

  • .crt file – this is the main SSL certificate
  • .ca-bundle file – it contains the root and intermediate certificates necessary for compatibility with older browsers and applications.

Failure to include the chain of intermediate and root certificates may result in your site being marked as insecure.

Tip: If the CA bundle certificates are in separate files, upload them to your server and use the following command to create a single CA bundle file:

cat CERTERARSADomainValidationSecureServerCA.crt CERTERARSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt

This example is for a Certera SSL certificate.

Step 2: Locate the Apache Configuration File

To edit the Apache configuration, you need to find the correct file. The location of the file may vary depending on the server and operating system version.

Common directories to search in include: etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf.

Please Note: If you are using an Apache server running on Ubuntu OS, you should use the specific SSL installation instructions for Ubuntu.

Step 3: Modify the Virtual Host Configuration

To proceed with the installation you need to make changes to the Virtual Host section of the Apache configuration file. Before making any changes, it’s advisable to back up the existing configuration file. Simply copy the *.conf file and rename it to *.conf_backup.

Now, you’re ready to edit the Virtual Host. A sample Virtual Host looks like this:

<VirtualHost *:443>
  ServerAdmin [email protected]
  DocumentRoot /var/www/
  ServerName example.com
  ErrorLog /var/log/apache2/error.log
  SSLEngine on
  SSLCertificateFile /etc/ssl/certs/example.crt
  SSLCertificateKeyFile /etc/ssl/private/example.key
  SSLCertificateChainFile /etc/ssl/certs/example.ca-bundle
</VirtualHost>

Note: The Virtual Host directive should specify port 443 to listen to encrypted HTTPS traffic, and the SSLEngine directive should be set to on to enable SSL encryption. The SSLCertificateFile, SSLCertificateKeyFile, and SSLCertificateChainFile directives should specify the location of your SSL certificate, private key, and CA bundle files, respectively.

The attributes in bold need to be updated with the details of your SSL certificate files. Make sure there are no comment signs ‘#’ before the attributes, if there are, uncomment them.

Replace the file names with the location and names of your SSL certificate files:

  • SSLCertificateFile: the primary SSL certificate file
  • SSLCertificateKeyFile: the private key file generated while creating the CSR
  • SSLCertificateChainFile: the CA Bundle file.

Step 4: Save Changes and Restart Apache Server

Now that you have finished editing the Apache configuration file, it’s time to save your changes and restart the server. To do so, run one of the following commands:

  • apachectl stop
  • apachectl start
  • apachectl restart

If you encounter any issues during the restart process, don’t worry! You created a backup of the configuration file in step 3, so all you have to do is delete the modified file and revert to the backup. Then, repeat the installation process.

If everything goes smoothly, your apache SSL installation is done.

Checking your SSL Installation

After completing the SSL installation on Apache, utilize one of the top SSL tools available to assess the status of your installation. These quick scans will uncover any errors or security weaknesses that could hinder the performance of your certificate.

Where to Buy an SSL Certificate for Apache?

CheapSSLWeb is your one-stop shop for the Best SSL Certificates with unbeatable prices and top-notch security features, you can protect your website without breaking the bank.

Janki Mehta

Janki Mehta

Janki Mehta is a Cyber-Security Enthusiast who constantly updates herself with new advancements in the Web/Cyber Security niche. Along with theoretical knowledge, she also implements her practical expertise in day-to-day tasks and helps others to protect themselves from threats.