How to install an Origin CA certificate in Apache httpd

Apache Server SSL Certificate Installation

  1. Obtain private key and origin certificate pair

    After completing the steps to generate the private key and origin certificate, download both the private key and origin certificate in .pem format.

  2. Copy the key and cert pair to your origin server

    Copy the key and certificate files to the directory on your server where you will keep your key and certificate files.

  3. Find your Apache configuration file

    The location and name of your Apache configuration file may vary, especially if you use a special interface to manage your server.

    Apache's main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file might be /etc/httpd/ or /etc/apache2/. For a more complete list of default installation layouts for Apache HTTPD on various operating systems, please see the httpd wiki.

    The SSL configuration for your server is often found within a <virtualhost> block in a different configuration file. These configuration files might be in a different directory such as /etc/httpd/vhosts.d/ , /etc/httpd/sites/ , or in a file called httpd-ssl.conf.

    One way to search for the SSL configuration file on linux is by using grep as shown in the example below.



    Where -i makes the search case-insensitive, -r searches the directory recursively, "SSLCertificateFile" is the search string, and /etc/httpd/ is the directory where the search occurs.

  4. Identify the <VirtualHost> block to configure

    If you need your site to be accessible through http as well as https, you'll need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and configure it for SSL as described in the following step.

  5. Configure the <VirtualHost> block for SSL

    Below is a simple example of a virtual host configured to use SSL. The parts in bold must be added to configure SSL.



    Adjust the filenames to match your certificate and key files.

    • SSLCertificateFile is your OriginCA certificate.
    • SSLCertificateKeyFile is your OriginCA private key.


  6. Test your Apache configuration before restarting

    Best practice is to check your configuration files before restarting Apache as Apache will not start if there are errors in the configuration. The following command will test your configuration files.



  7. Restart Apache

    You can use apachectl commands to restart Apache with SSL support.



    Note: If Apache does not start with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl we recommend you adjust the Apache startup configuration to include SSL support in the regular apachectl start command. Otherwise your server may require that you manually restart Apache using apachectl startssl in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.
Still not finding what you need?

The Cloudflare team is here to help. 95% of questions can be answered using the search tool, but if you can’t find what you need, submit a support request.

Powered by Zendesk