HTTPS protocol encrypts the data transferred between your browser and web server. It not only makes your website more secure but also improves its credibility. Here are the steps to install SSL certificate on Apache Ubuntu Web Server.
Before you begin, please make sure that you download the primary, intermediate, and root certificate files issued by Certificate Authority (CA) like Symantec, Norton, RapidSSL, Comodo, Verisign, etc. You’ll receive them via email once you place the order on their site. Then you need to create a certificate signing request (CSR) using OpenSSL tool on Ubuntu, and submit it to your certificate authority, so they can verify your site’s identity, every time your users visit its pages.
How to Install SSL Certificate on Apache Ubuntu Web Server
Here are the steps to install SSL certificate on Apache Ubuntu Web Server
1. Copy/Paste the certificate files to your server
To begin with, copy the primary (your_domain.crt) and intermediate certificate (CertificateAuthority.crt) to a directory on your Ubuntu Server where you want to store all certificate and key files. Primary certificate is also called SSL certificate. It will be named after your domain while the intermediate file will be named after the issuing authority (e.g RapidSSL, Comodo, Thawte, etc).
2. Edit Apache Config file
By default, you’ll find Ubuntu Apache configuration file at /etc/apache2/sites-enabled/your_domain
If you are unable to find it at that location, you can find it with the command
$ sudo a2ensite your_domain
Open it using a text editor. If you want your website to be accessible over both HTTP and HTTPS then you need to create 2 separate config files, one for HTTP (port 80) and the other for HTTPS (port 443).
If you want your website to be available only via HTTPS, then you can directly edit the config file’s <VirtualHost> block.
3. Configure Virtual Host block
Here’s a sample Virtual Host block for SSL (port 443)
<VirtualHost 192.168.0.1:443> DocumentRoot /var/www/ SSLEngine on SSLCertificateFile /path/to/your_domain.crt SSLCertificateKeyFile /path/to/private_key.crt SSLCertificateChainFile /path/to/CertificateAuthority.crt </VirtualHost>
Update your Virtual Host block to make sure that:
- SSLCertificateFile is your certificate file (e.g your_domain.crt)
- SSLCertificateKeyFile is the private key file you create during the creation of CSR
- SSLCertificateChainFile is the intermediate file issued by Certificate Authority (e.g CertificateAuthority.crt)
4. Test Apache Config File and Restart Server
You need to restart Apache server to apply changes. However, it won’t restart if there are any errors in its config file. So test it with the command
$ apachectl configtest
In some systems it is (apache2ctl)
You’ll see a message “Syntax OK”, with some warnings in some cases.
Restart your Apache web server
$ apachectl stop $ apachect1 start
If Apache doesn’t restart with SSL enabled, then try apachectl startssl instead of apachectl start
Open your web browser and go to https://your_domain.com to see if your site loads over HTTPS.
Congratulations! You have installed SSL certificate on Apache Ubuntu Web Server.