In this article, we will show you how to install an SSL certificate on Apache. You will also learn how to generate a CSR code on Apache – a necessary step for your SSL certificate activation. In part three you will discover a few interesting facts about the Apache server, while in the final section of this article, we will give you useful tips on where to buy the best SSL certificate for your Apache server.
How to generate a CSR code on Apache?
The Certificate Signing Request, or simply CSR, is a small text file containing information about your domain ownership and/or company. Generating the CSR is an integral part of the SSL buying process. All commercial Certificate Authorities require SSL applicants to complete this step. Here’s how you can create your CSR on Apache:
- Connect via Secure Shell (SSH) to your server’s terminal
- Type the following command at the prompt:
openssl req -new -newkey rsa:2048 -nodes -keyout yourdomain.key -out yourdomain.csr
Don’t forget to replace yourdomain with your real domain name. For example, if your domain is ssldragon.com, you type ssldragon,key and ssldragoin.csr
- Next, include the following information into the CSR. Please, use only alphanumeric characters when entering your details
- Country Name: enter the two-letter code of your country. If you have a Business Validation or Extended Validation certificate, make sure the country you submit, is the official residence of your organization
- State or Province Name: type the full name of the state or region where your company is registered
- Locality Name: specify the name of the city or town where your business is located
- Organization Name: enter the officially registered name of your company. For instance, GPI Holding LLC. For Domain Validation certificates, you can put in NA instead
- Organization Unit Name: it’s usually IT or Web Administration. You can sue NA for DV certificates
- Common Name: specify the Fully Qualified Domain Name (FQDN) to which you want to assign your SSL certificate. For example, ssldragon.com. If you want to activate a wildcard certificate, add an asterisk in front of your domain name (e.g. *.ssldragon.com)
- Email Address: provide a valid email address
Note: Next attributes are optional. If you don’t want to fill them in input a dot (.) to leave them blank.
- A challenge password: this is an obsolete attribute, no longer required by the Certificate Authorities. To avoid any confusion, leave this field blank
- An Optional Company Name: If your official company name seems too long or complex, you can enter a shorter name or your brand name here. Again, to avoid confusion, we recommend ignoring this field
- The OpenSSL utility will instantly create two files:
- key containing your private key (you will need it later during SSL installation)
- csr incorporating your CSR code (you will need it when applying for your SSL certificate)
- Open the yourdomain.csr file with a text editor of your choice, and copy-paste its content including the —–BEGIN CERTIFICATE REQUEST—– and footer —–END CERTIFICATE REQUEST—– tags during your order process with SSL Dragon.
Install an SSL Certificate on Apache
After the Certificate Authority signs and sends you the SSL Certificate, you can safely install it on your Apache server.
- Prepare all your certificate files. Download and extract the following files from the zip folder that you’ve received from your CA:
- .crt file – this is your primary SSL certificate
- .ca-bundle file – inside are the root and intermediate certificates. The chain of intermediate and root certificates is required for older browsers and applications. Without it, your site may be flagged us not secure
Note:If your Ca bundle certificates are in separate files, upload them to your server and use the following command to create a single CA bundle file:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
The example above is for Comodo PositiveSSL certificate.
- Find the Apache configuration file to edit. Depending on the server and OS version, the config file may reside in different directories. Look for httpd.conf, apahce2.conf or ssl.conf in one of the following directories: etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf
Note: If your Apache server is running on Ubuntu OS, please follow these installation instructions instead.
- Once you’ve located the Apache configuration file, you have to configure the virtual host section of your site. First, back up your current *.conf file. This way, if something goes wrong, you will be able to undo the changes. Tip: copy the existing *.conf file and rename it to *.conf_backup
- Now, it’s time to edit the Virtual Host. A typical Virtual Host looks like this:
<VirtualHost [IP ADDRESS]:443>
ServerAdmin [email protected]
- The part highlighted in bold is the one you have to edit with your corresponding details
- Make sure the attributes in bold don’t have a ‘#’ (comment) in front of them; otherwise, please uncomment them
- Change the file names to match your certificate files and their location on the server:
- SSLCertificateFile: this is your primary SSL certificate file
- SSLCertificateKeyFile: this is your private key file. You’ve generated it along with the CSR code
- SSLCertificateChainFile: this is your CA Bundle file
- Save your Apache configuration file and restart your server. To restart Apache run one of the commands below:
- If something goes wrong, or Apache fails to restart, don’t panic! Remember, you created a backup configuration file in step 3. All you have to do is delete the modified configuration file, revert to your backup and repeat the installation process. If the installation was successful, congratulations! Your website is now secure.
Test your SSL installation
After you install an SSL certificate on Apache, you can use one of these excellent SSL tools to check the status of your installation. The instant scans will discover any potential errors and vulnerabilities that may affect the certificate performance.
Apache history and versions
The Apache HTTP Server or simply Apache is one of the most popular free and open source cross-platform web servers, hosting around 40% of all active websites. The original author of Apache is Robert McCool, a software developer, and architect. McCool initially built the NCSA HTTPd web server which later became the Apache server.
Over the years, people behind Apache have offered several explanations for the origin of the Apache name. In 1995, the official documentation stated that Apache was a pun on “A PAtCHy” server. Since Apache was built on a series of patches, this clarification made sense. However, since 2013, the Apache Foundation has attributed a different meaning to the name. According to them, the name “Apache” is a tribute to the various Native American nations, referred to as Apache.
The initial release of Apache was in 1995. Below you’ll find all the major versions of Apache:
- Version 1.3 – released on June 6, 1998 (no longer supported)
- Version 2.0 – released on April 6, 2002 (no longer supported)
- Version 2.2 – released on December 1, 2005 (no longer supported)
- Version 2.4 – released on February 21, 2012.
Where to buy an SSL Certificate for Apache?
The best place to get an SSL Certificate for Apache is from SSL Dragon. We offer unbeatable prices and discounts on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to equip your website with bulletproof protection. All our SSL certificates are compatible with Apache. Here are the types of SSL certificates we sell:
- Domain Validation
- Business Validation
- Extended Validation
- Code Signing
- IP Address
To help you choose the perfect SSL certificate, we developed two exclusive SSL tools. Our SSL Wizard needs just a couple of seconds to find the best SSL deal for your website. On the other hand, the Advanced Certificate Filter lets you sort and compare various SSL certificates by price, validation, and features.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.