How to Install SSL certificate in Linux Apache


install ssl certificate in linux apache

Installing SSL certificates on your web server allows you to encrypt all the data transferred between users’ browsers and your web server. This not only makes your website more secure but also improves its credibility. Let us look at how to install SSL certificate in Linux Apache.

Before we start, it’s essential to download the primary, intermediate and root certificates issues by your certificate authority (CA) like Symantec, Norton, Comodo, RapidSSL, etc. Once you place an order on their website, you will receive them via email. Then you need to create a certificate signing request (CSR) using a tool like OpenSSL on Linux and submit it to your certificate authority. This will allow them to verify your website’s identity, every time a user visits your web pages. Here are the steps to create a CSR.

 

How to Install SSL certificate in Linux Apache

Here are the steps to install SSL certificate in Linux Apache

 

1. Copy the certificate files to your server

First, you need to copy the primary (e.g your_domain.crt) and intermediate certificate (e.g CertificateAuthority.crt) to a directory on your Linux Server where you intend to store all your certificate and key files. Primary certificate, also known as SSL certificate, is generally named after your domain. The intermediate certificate is named after the Certificate Authority (e.g RapidSSL, Comodo, Thawte, etc)

 

2. Edit Apache Config File

By default, your Apache server’s config file should be present at


/etc/apache2/sites-enabled/your_domain

 

If you are unable to find it there, you can use the following command to get its current location.


$ sudo a2ensite your_domain

 

Open it using a text editor. If you want your website to be accessible over both HTTP as well as HTTPS, you need to create two separate files, one for HTTP (port 80) and another for HTTPS (port 443)

If you want your website to accessible over only HTTPS, then you can directly edit the server config file’s <VirtualHost> block. In this case, your website won’t be available over HTTPS.

 

3. Configure VirtualHost block

Find the <VirtualHost> in your server config file and edit it as shown, for port 443 (HTTPS)


<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateFile /path/to/your_domain.crt
SSLCertificateKeyFile /path/to/private_key.crt
SSLCertificateChainFile /path/to/CertificateAuthority.crt
</VirtualHost>

 

Make sure that:

  • SSLCertificateFile is your certificate file (e.g your_domain.crt)
  • SSLCertificateKeyFile is the private key file you create during the creation of CSR
  • SSLCertificateChainFile is the intermediate file issued by Certificate Authority (e.g CertificateAuthority.crt)

 

4. Test Apache Configuration and Restart Server

Once you have updated server config file, it’s important to test it before you restart server. If there are any errors in it, your server won’t restart. You can test it with the command


$ apachectl configtest

In some Linux systems, it is apachectl2

If everything is fine, you’ll see a message “Syntax OK”. In some cases, you might get a few warnings. Ignore them.

Restart your Apache server


$ apachectl stop
$ apachect1 start

If your Apache doesn’t restart with SSL enabled, then try the command apachectl startssl instead of apachectl start

Open your web browser and go to https://your_domain.com to see if your website is accessible over HTTPS

 

Congratulations! You have installed SSL certificate on Apache Linux.

 

If you want to redirect all HTTP requests to HTTPS in Apache, then you can follow the steps here.

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses. Ubiq makes it easy to build business dashboards & reports for your business. Try it for free today!