Guide to Install SSL certificate on Apache Server

A simple guide which helps you install SSL on Apache Server

In this e-commerce age SSL installation has become a necessity. Varieties of easy-to-install SSL certificates are available now on the market. The installation process, however, always tends to go wrong if it is not carried out in a precise way. Here we provide you with an easy-to – follow guide for installing an Apache Server SSL certificate. But before that let’s take a look at some Apache Server information.

In 1995 a group of programmers had developed Apache. It is an open source HTTP server, which is freely available. It is highly compatible with many of the modern operating systems such as UNIX, FreeBSD, Linux, OpenVMS, Solaris, Windows NT, Novell NetWare etc. Distributed by the Apache Software Foundation, Apache offers a full range of features on the web servers. It is one of users preferred Web servers among the most popular. As of June 2013, Apache was estimated to be serving 54.2 percent of active websites and 53.3 percent of top servers across all the domains.

Please follow the steps mentioned below for installing SSL and Extended Validation (EV) SSL certificate on Apache (with mod ssl) & OpenSSL.

Note: Installation procedure would need you to make changes to Apache ‘s configuration files and then restart the Apache server at the end of the process. So please ensure that your system is capable to perform these tasks.

At Apache (with mod ssl) & OpenSSL install SSL certificate:

Step 1:
Copy the ‘your_domain_ com.crt’ certificate along with the CA bundle containing the intermediate certificate, normally called ‘Apache_Plesk_Install.txt,’ to your server where all the certificates and key files are stored. It is ‘/etc / ssl’ generally.

Step 2:
Edit the Apache configuration file to proceed. Its location may vary depending on the distribution you are using (Windows, Debian / CentOS / Fedora / etc. Linux), and the Apache version. Open it in any of your preferred editors after you have located the file.

Step 3:
Locate now the section < VirtualHost > for the SSL-enabled site where you are installing the certificate. That would start like < VirtualHost 127.0.0.1:443 >.

Step 4:
In this step add in the section VirtualHost the following lines. Please ensure the file paths are changed to match the file locations on your server.

Apache 1.3.x for:

SSLEngine With
SSLCertificateKeyFile /etc / ssl / ssl.key / server.key
SSLCertificateFile /etc / ssl / ssl.crt / yourDomainName.crt
SSLCACertificateFile /etc / ssl / ssl.crt / Apache Plesk Install.txt

About Apache 2.x:

SSLEngine With
SSLCertificateKeyFile /etc / ssl / ssl.key / server.key
SSLCertificateFile /etc / ssl / ssl.crt / yourDomainName.crt
SSLCertificateChainFile /etc / ssl / ssl.crt / Apache Plesk Install.txt

Step 5:
Save those modifications to the file. Now get Apache restarted. You will need to ‘Stop’ and then ‘Start’ the server instead of using the ‘Restart’ command for the changes to take effect.

NOTE: If you’ve obtained a password for your private key, you’ll be prompted to enter it each time. Apache won’t fully start until the password is entered.
The configuration file is often called httpd.conf or apache.conf, but the SSL-enabled link is sometimes placed in a separate file named ssl.conf. It is then connected with the aid of a ‘Include Statement’ from the key configuration. The VirtualHost section may sometimes be in a specific file for that particular site, in a subdirectory also labeled as sites-enabled/.

At Apache (with mod ssl) & OpenSSL install EV SSL certificate:

Step 1:
Transfer Domain Certificate File to Apache Server Directory

Second, download the files from your certificate. The certificate for the domain is called your domain name.crt. Usually it would be contained in a file with * zip. It can also be downloaded from the ‘Free Download: Individual Certificate Files’ section in the Account Manager.

When presented in a text editor, the certificate’s like this:

When it is viewed in a text editor, your certificate would look like this:

—–BEGIN CERTIFICATE—–
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(…….)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
—–END CERTIFICATE—–

Now, copy your certificate into your Private Key in the same tab. We will use ‘/etc/ssl/crt/’ for this example, while the private key used would be called ‘private.key’ and ‘your domain name.crt’ will be the public key.

Here it is recommended that you make the directory that contains the private key file readable by root only.

Step 2:
Intermediate deployment of Certificates

You will need to install the intermediate CA certificates to have the browsers trust your SSL certificate. They ‘re included in the package ‘Apache Plesk Install.txt.’ In the Account Manager this can be accessed from the ‘Optional Download: Individual Certificate Files’ section.

Alternatively, through combining the ‘UTNAddTrustServer CA.crt’ file, the ‘ComodoUTNServerCA.crt’ and the ‘ComodoEVSSLCA.crt’ information above the ‘ComodoEVSSLCA.crt’ content, you can easily build the file yourself.

The files can be found in a *zip file, or they must be downloaded individually from the Account Manager’s ‘Optional Download: Individual Certificate Files’ section. Please ensure the combined files do not contain white spaces.

You are told to use the .txt file here.

Follow these steps to get the correctly referenced files for your site in the related ‘Virtual Host’ folder.

Step A:
First, copy the ‘Apache Plesk Install.txt’ file to the directory where all the main files and certificates are stored. We referred to it in one of the previous steps as ‘/etc / ssl / crt/’.

Step B:
Now add the following line to the ‘httpd.conf’ file’ portion of SSL. And just like the above step, copy it to ‘/etc/ssl/crt/’ (which is where you copied the CA file in between). If the line already exists, then change it as follows:

SSLCertificateChainFile /etc / ssl / crt / Apache Plesk Install.txt

Step C:
If you use different location names and file names then you need to change the path and filename to reflect the change. The uploaded ‘config “SSL section should now read:

SSLCertificateFile /etc / ssl / crt / yourDOMAINNAME.crt
SSLCertificateKeyFile /etc / ssl / crt / private.key
SSLCertificateChainFile /etc / ssl / crt / Apache Plesk Install.txt

Step D:
All you need to do is save the ‘cfg’ and restart ‘Apache’ in this final phase of the installation process.