How to Install SSL Certificate in Apache Web Server?
This article will deal with how to install SSL certificate in Apache web server, a web server that was estimated to be serving 54.2% of active websites and 53.3% of best servers across all the domains.
Installing SSL certificate has become a necessity in an era where every kind of business takes place online, and the rate of website hacks are on the rise. You will find plenty of SSL certificates to choose from, but once you get them, the installation process is not the same for all servers.
The good news is that it is not that difficult to install an SSL certificate on Apache if you know the steps. After you get your certificate from your SSL certificate provider, you can proceed to install it on the Apache web server.
Step by Step Guide to install SSL cert on APache
1. Download and copy your certificate files
After you receive your Primary Certificate and the Intermediate Certificates via the order completion email sent by your certificate authority (CA), download them. You need to copy the certificate files to the directory on the server where other files are stored like private key and certificates.
2. Find the httpd.conf file
There are two configuration files: Apache and SSL certificate. Apache configuration file called httpd.conf or apache2.conf that is generally found under /etc/httpd/ or /etc/apache2/
While SSL configuration file can be found at a <VirtualHost> block resides in a different configuration file. These configuration files can be found under a directory like /etc/httpd/vhosts.d/, /etc/httpd/sites/ or file httpd-ssl.conf
3. Find out and configure the SSL <VirtualHost> block
Do you wish to make your website accessible to both HTTPS and HTTP connections then, you need a virtual host for both the HTTPS and HTTP protocol. Before anything, create a copy of the current non-secure virtual host before configuring it for HTTPS (SSL).
To make your website to be accessible solely via HTTPS, you can configure the existing virtual host for SSL.
But before you modify the virtual host, it is recommended to backing up the configuration file before making any changes to it. You can revert the changes if something goes wrong later. Just copy your current .conf file and rename it as .conf_backup.
Here’s how to configure the <VirtualHost> block for the SSL-enabled site:
Remove the hash # from the line 'httpd.conf file #Include conf/extras/httpd-ssl.conf'. It has nearly all the SSL-related settings configured out of the box. You can point the VirtualHost settings to your certificate files, directories, and website.
Here’s how a configured virtual host for your SSL certificate is going to appear:
<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.example.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/certificate authority.crt
</VirtualHost>
Note that in the above code, all the parts highlighted in bold are to be added for SSL configuration.
4. Change the names of the files (as well as paths) to match certificate files
You will also be required to adjust some file names and paths to match your certificate files:
- Ensure that SSLCertificateFile is the primary certificate file for your domain name.
- Generate SSLCertificateKeyFile as the .key file when you create the CSR.
- Make sure that SSLCertificateChainFile is the intermediate certificate file that was supplied by your certificate authority.
In case of owning multiple Intermediates, you may be required to concatenate the files into one. Opt for ‘SSLCACertificateFile’ in case this file fails to work.
5. Re-check for any errors
Ensure to re-check all your Apache config files in case any error occurs. The Apache web server will not start again in case there are some syntax errors in it. You can run the following command to check your Apache server:
apachectl configtest
6. Shut down your text editor (make sure to save the changes made).
7. Start your server again
Restart the Apache server by using the following 'apachectl' commands to start/stop with SSL support:
apachectl stopapachectl start
If the above commands don’t work, try out the following code:
apachectl startssl
Note: In case something goes wrong during the process or Apache service failed to restart, simply delete the modified configuration file and go back to your backup configuration, which you created in step 3.
Congratulations! You have successfully installed an SSL certificate on your Apache web server.
Useful Troubleshooting Tips
In case you receive a "not trusted" warning, go back to your certificate details to confirm it is the certificate you ordered. Make sure to check the Subject, Issuer, and Valid To fields.
- If it's the correct certificate you ordered, then your SSLCertificateChainFile is not configured correctly.
- In case it is not the certificate you ordered, then you may have another SSL <VirtualHost> block before the one you just configured.
- You should use the same certificate for all virtual hosts then only name-based virtual hosts will work with HTTPS (multi domain or wildcard SSL).
- Before receiving HTTP request, for a successful SSL handshake, Apache should provide a certificate. To match the IP and requested port, Apache sends the SSLCertificateFile from the first <VirtualHost> block.
As you can see, it is not that difficult to install an SSL certificate on Apache once you learn the steps, even though the process may appear complex at first. Installing an SSL certificate will not only provide security to your site but can boost your SEO rankings, increase traffic, and gain user’s trust.
Moreover, SSL is, at present, the standard of web security. It can add the much-needed layer of encryption to data that is sent across an HTTP stream. SSL ensures that the data is securely transmitted and hidden from prying eyes. Though you can’t consider SSL as the be-all and end-all of securing data, it is essential for online security. Combined with other internet security protocols, SSL certificates can be very powerful.
