Installing an SSL certificate on Apache
This article is a continuation of Generate a CSR and will take you from creating and receiving your SSL cert from your authority of choice to installing it in Apache. I’ve chosen Apache since it is the most common web server on Linux and the Internet. Again, I’m pulling the majority of this documentation from RapidSSL.com, which is a great place to buy a certificate if you haven’t already chosen.
Keep in mind that, besides having Apache and mod_ssl installed, you will need an IP address for this SSL cert and a unique IP address for each SSL cert that you want to host. Certificate authorities and browsers require that all SSL certs be on their own IP address.
Installing your SSL Certificate
Copy the files into the default location
When you receive your SSL certificate from your authority, upload it to your server and place it in ~/domain.com.ssl/domain.com.crt
- Copy the certificate, key, and csr into the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).
Note: Copy the entire contents of the certificate from (and including) the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
Edit the httpd.conf
Open the Apache httpd.conf file in a text editor (I prefer VIM, the true editor).
Create the following Virtual Host:
<VirtualHost 126.96.36.199:443>
    ServerName www.domain.com
    DocumentRoot /path/to/your/document/root/htdocs
    SSLEngine ON
    SSLCertificateFile /etc/httpd/conf/ssl.crt/domain.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domain.com.key
    ErrorLog logs/ssl.domain.com.error_log
    CustomLog logs/ssl.domain.com.access_log combined
</VirtualHost>
Note: Keep in mind that the paths to the certificate files will need to be changed to wherever you choose to place your certificate.
Save the changes and exit the editor.
You may need to open a port in your firewall to allow SSL connections to port 443. To check, get a list of your firewall rules:
sudo /sbin/iptables -L
If you have iptables active but it doesn’t have any exceptions for port 443, we’ll have to add some:
sudo /sbin/iptables -I INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -I OUTPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT
Remember to add the rules to your iptables config file or, on Red Hat-based distributions, run:
sudo /sbin/service iptables save
Restart your Apache web server:
# /etc/init.d/httpd restart
or
# /etc/init.d/apache2 restart
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://yourserver/) to indicate you wish to use secure HTTP.
Note: The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.
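Before the restart step above, it is worth confirming that the files named in SSLCertificateFile and SSLCertificateKeyFile belong together, that the certificate has not expired, and that the private key is not readable by other users. The script below is an added example, not part of the original article; the function names and the script name check_ssl_pair.sh are assumptions, and it relies on the openssl command-line tool being installed.

```shell
#!/bin/sh
# Added example: pre-restart checks for a certificate/key pair.
# Function and script names are illustrative assumptions.

# True when the private key has no group/other permission bits set.
key_perms_ok() {
    perms=$(ls -ld -- "$1" | cut -c5-10)   # group+other columns of the mode
    [ "$perms" = "------" ]
}

# True when the certificate and the private key carry the same public key.
# Comparing public keys works for RSA and EC keys alike. An encrypted key
# will prompt for its passphrase.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when the certificate is readable and has not expired yet.
cert_not_expired() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Run all checks on a certificate ($1) and key ($2); non-zero on any failure.
check_pair() {
    rc=0
    key_perms_ok "$2" || { echo "FAIL: $2 is accessible to group/other (chmod 600)"; rc=1; }
    cert_matches_key "$1" "$2" || { echo "FAIL: $1 does not match $2"; rc=1; }
    cert_not_expired "$1" || { echo "FAIL: $1 has expired or is unreadable"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 and $2 pass all checks"
    return "$rc"
}

# Usage: sh check_ssl_pair.sh domain.com.crt domain.com.key
if [ "$#" -eq 2 ]; then
    check_pair "$1" "$2"
fi
```

A mismatch between certificate and key is a common reason for Apache refusing to start after the VirtualHost is added, so a failure here is cheaper to find than a failed restart.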
©2016 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License