SSL certificates allow web traffic encryption and security. Here’s how to install SSL certificate in Apache web server. You can use these Apache SSL configuration steps for Ubuntu Linux as well as Debian/CentOS/Redhat systems.
How to Configure SSL Certificate in Apache Web Server
Here is a step-by-step guide to install SSL certificate in Apache for Ubuntu.
1. Enable mod_ssl
mod_ssl is an Apache module required to install and manage SSL/TLS certificates. mod_ssl is already installed in Ubuntu/Debian systems. Open terminal and run the following command to enable mod_ssl
$ sudo a2enmod ssl
You can install it on Redhat/CentOS/Fedora Linux with the following command.
$ yum install mod_ssl
2. Get SSL Certificate
Next, get the SSL/TLS certificate bundle from your certificate authority such as Namecheap, RapidSSL, Comodo, GoDadddy, Let’s Encrypt, etc. You can also use a free SSL provider like SSLForFree.
You will get 3 files from certificate authority.
- key (e.g private.key) – your key file. Don’t share this with anyone publicly
- Certificate (e.g certificate.crt) – actual SSL/TLS certificate for your domain
- Ca_bundle (e.g ca_bundle.crt) – Root/intermediate certificate
Bonus Read : How to Set Apache Header Conditionally
3. Apache SSL Configuration
Now that we have setup the prerequisites, we will configure SSL certificate in Apache
Create a new directory to store your SSL/TLS certificates
$ sudo mkdir /etc/apache2/ssl
Download the 3 files mentioned in step 2 to ssl directory created above.
Next, open Apache configuration file. You can open the default configuration file
$ sudo vi /etc/apache2/sites-enabled/000-default.conf
If you have setup virtual host for your website (e.g www.example.com) and created a separate config file for this website (e.g example.conf) then open that file.
$ sudo vi /etc/apache2/sites-enabled/example.conf
Add the following lines in VirtualHost tag before </VirtualHost> line.
SSLEngine On SSLCertificateFile "/etc/apache2/ssl/certificate.crt" SSLCertificateChainFile "/etc/apache2/ssl/ca_bundle.crt" SSLCertificateKeyFile "/etc/apache2/ssl/private.key"
Your VirtualHost block will look something like this
<VirtualHost *:443> DocumentRoot /var/www/ ServerName www.example.com SSLEngine On SSLCertificateFile "/etc/apache2/ssl/certificate.crt" SSLCertificateChainFile "/etc/apache2/ssl/ca_bundle.crt" SSLCertificateKeyFile "/etc/apache2/ssl/private.key" </VirtualHost>
In the above lines, we use 3 Apache server directives
- SSLCertificateFile – Certificate CRT file path
- SSLCertificateKeyFile – Private key file path
- SSLCertificateChainFile – CA bundle file path
Bonus Read : How to Enable mod_headers in Apache Ubuntu
4. Test Apache Configuration and Restart Server
Run the following command to test Apache server configuration
$ sudo apachectl configtest
If you don’t see any error, restart Apache web server.
# sudo service httpd restart [On RedHat based systems] # sudo service apache2 restart [On Debian based systems]
Now you have installed SSL certificate in Apache web server. Open a browser and visit https:// version of your domain (e.g https://www.example.com).
You will see a lock symbol next to your URL, in browser’s address bar, indicating that your website’s SSL/TLS certificate is working properly.
Hopefully, now you can configure SSL certificate in Apache for Ubuntu as well as other Linux systems.