Apache Server SSL Certificate Installation
- Obtain private key and origin certificate pair
After completing the steps to generate the private key and origin certificate, download both the private key and origin certificate in .pem format.
- Copy the key and cert pair to your origin server
Copy the key and certificate files to the directory on your server where you will keep your key and certificate files.
- Find your Apache configuration file
The location and name of your Apache configuration file may vary, especially if you use a special interface to manage your server.
Apache's main configuration file is typically named
apache2.conf. Possible locations for this file might be
/etc/apache2/. For a more complete list of default installation layouts for Apache HTTPD on various operating systems, please see the httpd wiki.
The SSL configuration for your server is often found within a
<virtualhost>block in a different configuration file. These configuration files might be in a different directory such as
/etc/httpd/sites/, or in a file called
One way to search for the SSL configuration file on linux is by using grep as shown in the example below.
Sample grep command
grep -i -r "SSLCertificateFile" /etc/httpd/
-imakes the search case-insensitive,
-rsearches the directory recursively, "SSLCertificateFile" is the search string, and
/etc/httpd/is the directory where the search occurs.
- Identify the <VirtualHost> block to configure
If you need your site to be accessible through http as well as https, you'll need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and configure it for SSL as described in the following step.
- Configure the <VirtualHost> block for SSL
Below is a simple example of a virtual host configured to use SSL. The parts in bold must be added to configure SSL.
Sample virtual host block
Adjust the filenames to match your certificate and key files.
SSLCertificateFileis your OriginCA certificate.
SSLCertificateKeyFileis your OriginCA private key.
- Test your Apache configuration before restarting
Best practice is to check your configuration files before restarting Apache as Apache will not start if there are errors in the configuration. The following command will test your configuration files.
Test Apache configuration
- Restart Apache
You can use apachectl commands to restart Apache with SSL support.
Note: If Apache does not start with SSL support, try using
apachectl startsslinstead of
apachectl start. If SSL support only loads with
apachectl startsslwe recommend you adjust the Apache startup configuration to include SSL support in the regular
apachectl startcommand. Otherwise your server may require that you manually restart Apache using
apachectl startsslin the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.