In this article, let me show you how to install an SSL certificate on Apache web server, one of the most popular web servers.
Prepare all your certificate files. The Certificate Authority will email you a Zip-archive with several .crt files. Alternatively, you can download the certificate files in your account.
The zip-archive will contain:
● .crt file – your primary SSL Certificate for your domain name
● .ca-bundle file – include intermediate certificates. If you uploaded the intermediate Certificates separately onto your server, you will need to use the following command to create a single CA-Bundle file.
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt >> bundle.crt
The example above is for Sectigo PositiveSSL certificate.
Depending on the server and OS version, the configuration file may reside in different directories. Look for httpd.conf, apahce2.conf or ssl.conf in one of the following directories: etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf
To learn more different OS versions and the default installation layout of Apache HTTPD, please click Httpd Wiki - DistrosDefaultLayout.
The configuration file contains the Virtual Hosts for all domains that are hosted on the server.
Note: If you have Apache server installed on the Ubuntu operating system, each site has a separate configuration that can be found at /etc/apache2/sites-enabled/. To have your site accessible via secure and non-secure connection, you will need two separate configuration files: one for port 80 and the other for port 443.
Once you’ve located the Apache configuration file, you have to configure the virtual host section of your site.
First, you are suggested to back up your current configuration file before making any changes. This way you can revert the changes if something goes wrong. So, copy and save your existing *.conf file as *.conf_backup.
Now, please edit the Virtual Host. A typical Virtual Host looks like this:
<VirtualHost [IP ADDRESS]:443>
SSLCertificateFile /path/to/ nicsrs_com.crt
SSLCertificateChainFile /path/to/ nicsrs_com.ca-bundle
Make sure the directives highlighted in bold without no # in front of them. And then, change the file names to match your certificate files and their location on the server:
● SSLCertificateFile pointed to the location of the Certificate issued for your domain name
● SSLCertificateKeyFile pointed to the location of your Private Key on the server.
● SSLCertificateChainFile pointed to the location of the CA-Bundle file.
Test if the new configuration of your Apache service has proper syntax using this command:
If the syntax is OK, save your changes in the configuration file and restart your server.
You can use these apachectl commands below to restart Apache:
If the Apache service fails to restart or the SSL does not get installed, make sure the configuration file is created properly. All you can do is to delete the modified configuration file, revert back to your backup configuration file, and repeat the installation process. Alternatively, you can contact our support team for assistance.
After you install an SSL certificate on Apache, you can confirm the status of your installation by our excellent SSL Checker Tool. The instant scans will discover any potential errors and vulnerabilities that may affect the certificate performance.