In this article, we will show you how to install an SSL certificate on Apache. In the final section of this article, we will give you useful tips on where to buy the best SSL certificate for your Apache server.
Table of Contents
- How to generate a CSR code on Apache?
- Install an SSL Certificate on Apache.
- Test your SSL installation.
- Where to buy an SSL Certificate for Apache?
How to generate a CSR code on Apache?
The Certificate Signing Request, or simply CSR, is a small text file containing information about your domain ownership and/or company. Generating CSR is an integral part of the SSL buying process. All commercial Certificate Authorities require SSL applicants to complete this step.
You have two options:
- Generate the CSR automatically using our CSR Generator.
- Follow our step-by-step tutorial on how to create the CSR on Apache.
Install an SSL Certificate on Apache
After the Certificate Authority signs and sends you the SSL Certificate, you can safely install it on your Apache server.
Step 1: Prepare all your certificate files
Download and extract the following files from the zip folder that you’ve received from your CA:
- .crt file – this is your primary SSL certificate
- .ca-bundle file – inside are the root and intermediate certificates. The chain of intermediate and root certificates is required for older browsers and applications. Without it, your site may be flagged as not secure
Note: If you Ca bundle certificates are in separate files, upload them to your server and use the following command to create a single CA bundle file:
cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crtThe example above is for Sectigo PositiveSSL certificate.
Step 2: Find the Apache configuration file to edit.
Depending on the server and OS version, the config file may reside in different directories. Look for httpd.conf, apahce2.conf or ssl.conf in one of the following directories: etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf
Note: If your Apache server is running on Ubuntu OS, please follow our SSL installation instructions for Ubuntu instead.
Step 3: Configure the virtual host section
Once you’ve located the Apache configuration file, you have to configure the virtual host section of your site.
First, back up your current *.conf file. This way, if something goes wrong, you will be able to undo the changes.
Tip: copy the existing *.conf file and rename it to *.conf_backup
Now, it’s time to edit the Virtual Host. A typical Virtual Host looks like this:
ServerAdmin [email protected]
DocumentRoot /var/www/
ServerName www.ssldragon.com
ErrorLog /www/home/logs/error_log
SSLEngine on
SSLCertificateFile /etc/ssl/ssldragon_com.crt
SSLCertificateKeyFile /etc/ssl/ssldragon.key
SSLCertificateChainFile /etc/ssl/ssldragon_com.ca-bundleThe part highlighted in bold is the one you have to edit with your corresponding details
Make sure the attributes in bold don’t have a ‘#’ (comment) in front of them; otherwise, please uncomment them
Change the file names to match your certificate files and their location on the server:
- SSLCertificateFile: this is your primary SSL certificate file
- SSLCertificateKeyFile: this is your private key file. You’ve generated it along with the CSR code
- SSLCertificateChainFile: this is your CA Bundle file
Step 4: Save your Apache configuration file and restart your server.
To restart Apache run one of the commands below:
apachectl stop
apachectl start
apachectl restartIf something goes wrong, or Apache fails to restart, don’t panic! Remember, you created a backup configuration file in step 3. All you have to do is delete the modified configuration file, revert to your backup and repeat the installation process.
If the installation was successful, congratulations! Your website is now secure.
Test your SSL installation
After you install an SSL certificate on Apache, you can use one of these excellent SSL tools to check the status of your installation. The instant scans will discover any potential errors and vulnerabilities that may affect the certificate’s performance.
Where to buy an SSL Certificate for Apache?
The best place to get an SSL Certificate for Apache is from SSL Dragon. We offer unbeatable prices and discounts on the entire range of our SSL products. We’ve carefully selected the best SSL brands on the market to equip your website with bulletproof protection. All our SSL certificates are compatible with Apache.
To help you choose the perfect SSL certificate, we developed two exclusive SSL tools. Our SSL Wizard needs just a couple of seconds to find the best SSL deal for your website. On the other hand, the Advanced Certificate Filter lets you sort and compare various SSL certificates by price, validation, and features.
If you find any inaccuracies, or you have details to add to these SSL installation instructions, please feel free to send us your feedback at [email protected]. Your input would be greatly appreciated! Thank you.
Frequently Asked Questions
SSL (Secure Sockets Layer), now TLS (Transport Layer Security), is a cryptographic protocol that encrypts communications between two network endpoints, for instance, a web server such as Apache and users’ browsers.
Copy Link
For Debian and Ubuntu distributions, use the following commands
#grep -ir SSLProtocol /etc/apache2/*
/etc/apache2/mods-available/ssl.conf:SSLProtocol +TLSv1.2 +TLSv1.3
Copy Link
The conf. file may reside in different locations depending on your OS and configuration. Check the httpd.conf, apahce2.conf or ssl.conf in one of the following directories: etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf
Copy Link
Save 10% on SSL Certificates when ordering today!
Fast issuance, strong encryption, 99.99% browser trust, dedicated support, and 25-day money-back guarantee. Coupon code: SAVE10
