How to Install an SSL Certificate on Apache?
Last Updated: 16 Jul, 2024
The Apache HTTP Server module mod_ssl provides an interface to the OpenSSL library, which provides Strong Encryption using the Secure Sockets Layer and Transport Layer Security protocols.
What is Secure Sockets Layer (SSL)?
The Secure Sockets Layer protocol is a protocol layer which may be placed between a reliable connection-oriented network layer protocol (e.g. TCP/IP) and the application protocol layer (e.g. HTTP). SSL provides for secure communication between client and server by allowing mutual authentication, the use of digital signatures for integrity and encryption for privacy.
The protocol is designed to support a range of choices for specific algorithms used for cryptography, digests and signatures. This allows algorithm selection for specific servers to be made based on legal, export or other concerns and also enables the protocol to take advantage of new algorithms. Choices are negotiated between client and server when establishing a protocol session.
Steps to Install an SSL Certificate on Apache
Step 1: Obtain an SSL Certificate
Retrieve and unzip the contents of the compressed folder provided by your Certificate Authority (CA) to obtain the following files:
- Primary SSL certificate (.crt file)
- Root and intermediate certificates bundled together (.ca-bundle file). This chain of certificates is essential for compatibility with older browsers and applications. Failure to include these certificates may result in your website being marked as insecure.
Step 2: Install OpenSSL
OpenSSL is required to generate private keys and Certificate Signing Requests (CSRs).
On Ubuntu/Debian:
sudo apt-get update
sudo apt-get install openssl
On CentOS/RHEL:
sudo yum install openssl
Step 3: Install Apache
If Apache is not already installed, you can install it using the package manager.
On Ubuntu/Debian:
sudo apt-get install apache2
On CentOS/RHEL:
sudo yum install httpd
Step 4: Create a Directory to Store the SSL Certificate and Key
Create a directory to store your SSL certificate and key files.
sudo mkdir /etc/apache2/ssl
Step 5: Copy SSL Certificate Files
Place your SSL certificate and key files in the directory you created.
The main config file is typically called httpd.conf or apache2.conf and is located under /etc/httpd/ or /etc/apache2/.
Note: The SSL directives may be in a <VirtualHost> block in another config file. You can always search for the SSL config file on Linux distributions using this grep command:
grep -i -r "SSLCertificateFile" /etc/httpd/
Step 6: Configure Apache to Use the SSL Certificate
Open the httpd.conf file and enter the following directives in your VirtualHost block to enable SSL:
On Ubuntu/Debian:
sudo nano /etc/apache2/sites-available/https.conf
On CentOS/RHEL:
sudo nano /etc/httpd/conf.d/httpd.conf
Add or update the following lines with the paths to your certificate files:
<VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/cabundle.crt
</VirtualHost>
Where:
- SSLCertificateFile: Path to your SSL certificate file.
- SSLCertificateKeyFile: Path to your private key file.
- SSLCertificateChainFile: Path to the intermediate certificate file.
Note: If you need the site to load via both https and http, create another virtual host for http. You can simply copy the existing config file before making any changes during this step.
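Before restarting Apache, it is worth confirming that the three files named in the VirtualHost block belong together. The following script is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes the OpenSSL command-line tool, GNU stat (Linux) and an unencrypted private key.

```bash
#!/usr/bin/env bash
# Added example: checks to run on the Step 6 files before restarting Apache.
# Arguments are the SSLCertificateFile, SSLCertificateKeyFile and
# SSLCertificateChainFile paths. Assumes GNU stat and an unencrypted key.

# Print the SHA-256 of the public key embedded in a certificate.
cert_pubkey_hash() {
    local pub
    pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Print the SHA-256 of the public key derived from a private key.
key_pubkey_hash() {
    local pub
    pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    printf '%s\n' "$pub" | openssl sha256 | awk '{print $NF}'
}

# Succeed only if the certificate was issued for this private key.
cert_matches_key() {
    local c k
    c=$(cert_pubkey_hash "$1") || return 1
    k=$(key_pubkey_hash "$2") || return 1
    [ "$c" = "$k" ]
}

# Succeed only if group and others have no permission bits on the key file.
key_is_private() {
    local mode
    mode=$(stat -c '%a' "$1" 2>/dev/null) || return 1
    [ $(( 0$mode & 077 )) -eq 0 ]
}

# Succeed only if the certificate chains to the CA bundle.
# openssl verify also rejects certificates that have expired.
chain_verifies() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run all checks: check_tls_files <cert> <key> <ca-bundle>
check_tls_files() {
    local rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate"; rc=1; }
    key_is_private "$2"        || { echo "FAIL: key accessible to group/other"; rc=1; }
    chain_verifies "$1" "$3"   || { echo "FAIL: certificate does not verify against bundle"; rc=1; }
    return "$rc"
}
```

Call it as check_tls_files /path/to/your_domain_name.crt /path/to/your_private.key /path/to/cabundle.crt, and run apachectl configtest (apache2ctl on Ubuntu/Debian) to catch syntax errors in the VirtualHost block itself.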
Step 7: Enable the SSL Site and Restart Apache
On Ubuntu/Debian:
Enable the SSL module and the default SSL site configuration:
sudo a2enmod ssl
sudo a2ensite default-ssl.conf
sudo systemctl restart apache2
On CentOS/RHEL:
Restart Apache to apply the changes:
sudo systemctl restart httpd
Step 8: Test SSL Configuration
To verify your work, access your website through your browser at https://yourdomain.com and review the certificate/site details to ensure that HTTPS/SSL is functioning correctly. You can also check the response headers from the command line:
curl -I https://your_domain.com
Note: You might have to restart your server for the changes to be applied.