Apache HTTP Server - SSL Certificate Installation

Apache HTTP Server - SSL Certificate Installation

Apache HTTP Server - SSL Certificate Installation

Introduction

This article provides step-by-step instructions for installing your certificate in Apache HTTP Server. Note that as of version 2.4.8, the default configuration options have changed.

Process

  1. Copy certificates to your server.
    This includes your server certificate, private key, and an intermediate certificate.

    Your server certificate can be obtained from the delivery e-mail. Alternatively you can get it from your GlobalSign Account by clicking Edit on your order and copying the Certificate PEM Format text from the details. 

    The private key would have been generated along with the certificate signing request (CSR); it may very well already be on the server. If the private key is lost, you will need to reissue your certificate. 

    The intermediate certificate used will vary depending on product type. Click your product type in our Intermediate Certificate section to identify the correct cert. 
  2. Open your Apache configuration file for editing.
    This will generally be found in one of the following locations, depending on your OS:

    On CentOS/RedHat:
    /etc/httpd/httpd.conf
    /etc/httpd/sites-enabled/name-of-virtualhost.conf


    On Debian/Ubuntu:/etc/apache2/apache2.conf
    /etc/apache2/sites-enabled/name-of-virtualhost.conf

    The configuration may be in different location. A detailed mapping of configuration paths can be found on the Apache Wiki.
  3. Configure your virtual host to use the certificates.
    Locate the virtual host for your site. 

    <VirtualHost xxx.xxx.x.x:443>
        DocumentRoot /var/www/examplesite
        ServerName example.com www.example.com
        SSLEngine on
        SSLCertificateFile /path/to/examplesite.crt
        SSLCertificateKeyFile /path/to/privatekey.key
        SSLCertificateChainFile /path/to/intermediate.crt
    </VirtualHost>

    Point the following directives to the corresponding certificate:
    SSLCertificateFile - This should point to your server certificate.
    SSLCertificateKeyFile - This should point to your server's private key.
    SSLCertificateChainFile - This should point to the intermediate certificate for your product.

    Note: As of Apache 2.4.8, the SSLCertificateChainFile directive was deprecated and SSLCertificateFile was extended to support intermediate certificates. Adding the intermediate certificate to the end of your certificate will create a chain file for your server.
  4. Test your updated configuration.Depending on your system, run the command:
    apachectl configtest or apache2ctl configtest
    This will detect any errors in your configuration such as mismatched public & private keys, or an incorrect path. 
  5. Restart the Apache service.
    For older versions of Red Hat Enterprise Linux use init scripts as stated below:

CentOS/RedHat:

service httpd restart


Debian/Ubuntu:

service apache2 restart



For Red Hat Enterprise Linux 7 or CentOS 7.0 use the following commands: 

CentOS/RedHat:

systemctl restart httpd.service


Debian/Ubuntu:
systemctl restart apache2.service

Note: Some Apache configurations may show an entry for SSLCACertificateFile. This field is only needed if you use Apache for client authentication. The SSLCACertificateFile would point to a CA certificate or directory of CA certificates that issue certificates you accept for client authentication. 

Related Articles

GlobalSign System Alerts

View recent system alerts.

View Alerts

Certificate Inventory Tool

Please click the button below to log in or sign up.

Log In - Sign Up

SSL Configuration Test

Check your certificate installation for SSL issues and vulnerabilities.