An Instant Guide on How to Install SSL Certificate on Apache Server
Securing your website is like having a lock on your network that protects it from cyberattacks. SSL/TLS encryption is a communication lock between a web server and a browser. These encryptions ensure that sensitive information, such as passwords, and financial and personal data, remains private. Installing a digital certificate on your server is one way to leverage SSL/TLS encryption.
Apache server is one of the popular options in the market, with many organizations opting it for their websites. Securing your Apache web server with SSL certificates is essential for ensuring the privacy and security of data on your website.
This article will guide you through the process of Apache web server SSL certificate installation. If you haven’t obtained the certificate from the certificate authority yet, you will need to generate CSR for Apache web server before moving forward.
Prerequisites of Apache Server SSL Certificate Installation
There are three prerequisites before installing SSL certificate on an Apache server,
-
Server Certificate:
You will need a server certificate from the certification authority for your domain. You can get one for your domain by submitting a certificate signing request (CSR). Once the CA verifies the organization details mentioned in the CSR.
-
CA Chain Certificates:
These certificates allow the devices that connect with your server to identify the issuing certificate authority and determine authenticity. When a CA issues the SSL certificate, a bundle with all the certificate files, including the intermediate & root certificate file, is sent to your email.
-
A Private Key:
This is the file that is generated along with the CSR. If your CSR is generated from OpenSSL, then it will be available on the server directory.
Now that you know what you need to install an SSL certificate on the Apache server, let’s understand the process step-by-step.
Steps to Install SSL Certificate on Apache Server
The process of how to install SSL certificate on the Apache server begins by first getting your SSL certificate. Once you have completed the payment process, generated the CSR and finished the validation process, you can then follow the below given steps.
Step 1: Upload the SSL certificate
Download the contents of your SSL certificate and upload it on the Apache server. You will receive a zip file with the .crt files bundled together. These files are in a chain of intermediate and root certificates.
Upload the file’s contents in a single directory on the Apache server. The next step is to configure the server to activate these certificates.
Step 2: Locate the Apache SSL configuration file
Configuration files on the Apache web server can differ based on the operating system and its version. Most commonly, the file is named “httpd.conf, apache2.conf or ssl.conf. “
You can find the file at the following location on the Apache web server,
“/etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf.”
However, if you are using Ubuntu, each site will have a separate config file you can locate at “/etc/apache2/sites-enabled/.”
Step 3: Configure the virtual host
You can modify the virtual host for port 443 in the configuration file by using the following code,
DocumentRoot var/www/yourdomain ServerName www.yourdomain.com ErrorLog www/home/logs/error_log SSLEngine on SSLCertificateFile /etc/ssl/yourdomain_com.crt SSLCertificateKeyFile /etc/ssl/yourdomain.key SSLCertificateChainFile /etc/ssl/cabundle.crt
Before you change the configuration, make sure you back it up by copying and saving the existing config file from “*.conf file” to “*.conf_backup.”
You must also ensure the virtual host has specific settings before the configuration changes.
- Keep the SSLEngine on
- Keep SSLCertificateFile pointed towards the certificate location
- SSLCertificateKeyFile should be pointed towards the private key location
- SSLCertificateChainFile needs to be pointed towards the CA bundle file
Once you configure the Apache web server for the installation of SSL certificate, the next step is to enable OCSP (Online Certificate Status Protocol) stapling.
Step 4: Enable OCSP Stapling
Enabling the OCSP stapling for your website will enhance the performance of the SSL certificate. To enable it you need to add the following directive on the virtual host,
SSLUseStapling on
Next specifies the OCSP cache response location and size through the following directive,
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
It is important to note that you can only enable OCSP stapling for Apache HTTP server versions 2.3.3 or higher.
Step 5: Save the configuration and restart
Once you have the configuration ready, save it and restart the server. This process may differ based on the type of OS you are using. For example, if you are using Debian-based Apache, you need to run the following command to test if the configuration has the correct syntax:
apachectl -t
If the syntax is correct, you can save the changes in config files and restart the server using apachectl commands,
apachectl restart apachectl stop apachectl start
Similarly if you have RHEL-based OS like CentOS, RedHat or others, you can check for correct syntax using the following command,
httpd -t
If the syntax is correct, you can restart the server using the following command,
sudo service httpd restart
Once the Apache web server restarts, make sure to check whether the SSL configuration is added or not by using the following syntax,
httpd -S
Also check for *.443: line in the input to check if the settings include the most recent SSL configuration file.
If the server fails to restart or the SSL configuration is not added properly, you may have to install it again. You can first use the backup configuration to ensure the website is active and then repeat the entire process.
Conclusion
Protecting the data and establishing trust among customers is not easy with rising cyberattacks. Fortunately, SSL certificates can help secure data through encryptions, you need to install it on your Apache web server.
This guide provides a step-by-step process on how to install SSL certificate on Apache server. The process can differ based on what type of server or OS you use. However, by leveraging the above process you can secure your website hosted on Apache servers.
If you need more help with installing your SSL certificate on Apache Server, please reach out to our support team. We are here and ready to provide any assistance you may need!