In order to install an SSL certificate on Apache, you need to implement the following steps :
1. Upload the certificate files on your server.
For CLOUDTECHTIQ certificates you should receive a zip-archive with several .crt files. You can also download the zip-archive which will contain the certificate for your domain name (.crt) and the CA bundle (.ca-bundle) file.
If you uploaded the intermediate certificates separately on your server, you will need to concatenate them into a single CA bundle file. For instance, for CLOUDTECHTIQ Positive SSL certificate you can use the following command to combine the intermediate and root certificates:
cat CLOUDTECHTIQRSADomainValidationSecureServerCA.crt CLOUDTECHTIQRSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
2. Locate Apache Configuration file to edit.
The location and the name of the Apache configuration file may differ depending on the server and OS version.
Apache configuration files may be located at -
/etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf
In case of Ubuntu operating system, each site has a separate configuration located at -
To have your site accessible via secure and non-secure connection, you will need two separate configuration files: one for port 80 and the other for port 443.
3. Configure Virtual Host section for your site.
After modification of apache configuration file, the next phase is to configure the Virtual Host section for port 443 in the configuration file.
Uncomment the below lines in the file :
SSLEngine on; SSLCertificateFile that is pointed to the location of the certificate issued for your domain name; SSLCertificateKeyFile that is pointed to the location of your private key on the server. SSLCertificateChainFile that is pointed to the location of the CA bundle file.
The Virtual Host for 443 port is as below:
<VirtualHost [IP ADDRESS]:443> ServerAdmin firstname.lastname@example.org DocumentRoot var/www ServerName www.cloudtechtiq.com ErrorLog /www/home/logs/error_log SSLEngine on SSLCertificateFile /etc/ssl/cloudtechtiq.crt SSLCertificateKeyFile /etc/ssl/cloudtechtiq.key SSLCertificateChainFile /etc/ssl/cloudtechtiq.ca-bundle </VirtualHost>
If you want to enable OCSP Stapling for the website, please add the following directive to the Virtual Host section:
- Also specify OCSP cache response location and size outside of the Virtual Host section using SSLStaplingCache directive:
- Save the changes in the configuration file and restart Apache :
apachectl stop apachectl start or apachectl restart