Install an SSL certificate on Apache

  • Last updated on: 2016-10-19
  • Authored by: Rackspace Support

This article is a continuation of Generate a CSR and will take you from creating and receiving your SSL cert from your authority of choice to installing it in apache. I’ve chosen to Apache since it is the most common web server on Linux and the Internet. Again, I’m pulling the majority of this documentation from which is a great place to buy a certificate if you haven’t already chosen:


Keep in mind besides having apache and mod_ssl installed, you will need to have an IP address for this SSL cert and a unique IP address for each SSL that you want to host. Certificate authorities and browsers require that all SSL certs be on their own IP address.

Installing your SSL Certificate

Copy the files in into the default locale

When you receive your SSL certificate from your authority, upload it to your server.

  1. Copy all the contents of the certificate, including the BEGIN CERTIFICATE and END CERTIFICATE lines. Save the copied text as

  2. Copy the certificate and private key into the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).

Edit the httpd.conf

Open the Apache httpd.conf file in a text editor, and create the following Virtual Host:

DocumentRoot /path/to/your/document/root/htdocs

SSLEngine ON
SSLCertificateFile /etc/httpd/conf/ssl.crt/
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/

ErrorLog logs/
CustomLog logs/ combined

Note: Keep in mind that the paths to the certificate files will need to be changed to where ever you choose to place your certificate.

Save the changes and exit the editor.


You may need to open a port in your firewall to allow SSL connections to port 443. To check, get a list of your firewall rules:

sudo /sbin/iptables -L

If you have iptables active but it doesn’t have any exceptions for port 443, we’ll have to add some:

sudo /sbin/iptables -I INPUT -p tcp --dport 443 -m state --state NEW,ESTABLISHED -j ACCEPT
sudo /sbin/iptables -I OUTPUT -p tcp --sport 443 -m state --state ESTABLISHED -j ACCEPT

Remember to add the rules to your iptables config file or, on Red Hat-based distributions, run:

sudo /sbin/service iptables save

Restart Apache

Restart your apache web server:

# /etc/init.d/httpd restart
# /etc/init.d/apache2 restart

Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://yourserver/) to indicate you wish to use secure HTTP.

Note: The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.

Continue the conversation in the Rackspace Community.