Installing SSL certificates on your web server allows you to encrypt all the data transferred between users’ browsers and your web server. This not only makes your website more secure but also improves its credibility. Let us look at how to install SSL certificate in Linux Apache.
Before we start, it’s essential to download the primary, intermediate and root certificates issues by your certificate authority (CA) like Symantec, Norton, Comodo, RapidSSL, etc. Once you place an order on their website, you will receive them via email. Then you need to create a certificate signing request (CSR) using a tool like OpenSSL on Linux and submit it to your certificate authority. This will allow them to verify your website’s identity, every time a user visits your web pages. Here are the steps to create a CSR.
How to Install SSL certificate in Linux Apache
Here are the steps to install SSL certificate in Linux Apache
1. Copy the certificate files to your server
First, you need to copy the primary (e.g your_domain.crt) and intermediate certificate (e.g CertificateAuthority.crt) to a directory on your Linux Server where you intend to store all your certificate and key files. Primary certificate, also known as SSL certificate, is generally named after your domain. The intermediate certificate is named after the Certificate Authority (e.g RapidSSL, Comodo, Thawte, etc)
2. Edit Apache Config File
By default, your Apache server’s config file should be present at
If you are unable to find it there, you can use the following command to get its current location.
$ sudo a2ensite your_domain
Open it using a text editor. If you want your website to be accessible over both HTTP as well as HTTPS, you need to create two separate files, one for HTTP (port 80) and another for HTTPS (port 443)
If you want your website to accessible over only HTTPS, then you can directly edit the server config file’s <VirtualHost> block. In this case, your website won’t be available over HTTPS.
3. Configure VirtualHost block
Find the <VirtualHost> in your server config file and edit it as shown, for port 443 (HTTPS)
<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /path/to/your_domain.crt SSLCertificateKeyFile /path/to/private_key.crt SSLCertificateChainFile /path/to/CertificateAuthority.crt </VirtualHost>
Make sure that:
- SSLCertificateFile is your certificate file (e.g your_domain.crt)
- SSLCertificateKeyFile is the private key file you create during the creation of CSR
- SSLCertificateChainFile is the intermediate file issued by Certificate Authority (e.g CertificateAuthority.crt)
4. Test Apache Configuration and Restart Server
Once you have updated server config file, it’s important to test it before you restart server. If there are any errors in it, your server won’t restart. You can test it with the command
$ apachectl configtest
In some Linux systems, it is apachectl2
If everything is fine, you’ll see a message “Syntax OK”. In some cases, you might get a few warnings. Ignore them.
Restart your Apache server
$ apachectl stop $ apachect1 start
If your Apache doesn’t restart with SSL enabled, then try the command apachectl startssl instead of apachectl start
Open your web browser and go to https://your_domain.com to see if your website is accessible over HTTPS
Congratulations! You have installed SSL certificate on Apache Linux.
If you want to redirect all HTTP requests to HTTPS in Apache, then you can follow the steps here.