How to install an SSL certificate on Apache?

    Posted in SSL Certificates on Jul 29, 2019

    To install an SSL certificate on Apache, follow these steps:

    1. Upload the certificate files on your server.

    For CLOUDTECHTIQ certificates you should receive a zip archive with several .crt files. You can also download a zip archive that contains the certificate for your domain name (.crt) and the CA bundle (.ca-bundle) file.

    If you uploaded the intermediate certificates to your server separately, you will need to concatenate them into a single CA bundle file. For instance, for a CLOUDTECHTIQ Positive SSL certificate you can use the following command to combine the intermediate and root certificates:

    # '>' overwrites bundle.crt, so re-running the command does not append duplicate certificates
    cat CLOUDTECHTIQRSADomainValidationSecureServerCA.crt \
        CLOUDTECHTIQRSAAddTrustCA.crt AddTrustExternalCARoot.crt > bundle.crt

    2. Locate the Apache configuration file to edit.

    The location and the name of the Apache configuration file may differ depending on the server and OS version.

    Apache configuration files may be located at:

    /etc/httpd/, /etc/apache2/ or /etc/httpd/conf.d/ssl.conf

    On Ubuntu, each site has a separate configuration file located at:

    /etc/apache2/sites-enabled/

    To make your site accessible over both secure and non-secure connections, you will need two separate configuration files: one for port 80 and the other for port 443.

    3. Configure the Virtual Host section for your site.

    With the Apache configuration file open for editing, the next phase is to configure the Virtual Host section for port 443.

    Uncomment the following directives in the file:

    • SSLEngine on

    • SSLCertificateFile, pointing to the location of the certificate issued for your domain name

    • SSLCertificateKeyFile, pointing to the location of your private key on the server

    • SSLCertificateChainFile, pointing to the location of the CA bundle file
    

    The Virtual Host section for port 443 looks like this:

    <VirtualHost [IP ADDRESS]:443>
        ServerAdmin priya@cloudtechtiq.com
        DocumentRoot /var/www
        ServerName www.cloudtechtiq.com
        ErrorLog /www/home/logs/error_log
        SSLEngine on
        SSLCertificateFile /etc/ssl/cloudtechtiq.crt
        SSLCertificateKeyFile /etc/ssl/cloudtechtiq.key
        SSLCertificateChainFile /etc/ssl/cloudtechtiq.ca-bundle
    </VirtualHost>

    If you want to enable OCSP Stapling for the website, please add the following directive to the Virtual Host section:

    SSLUseStapling on

    • Also specify the OCSP response cache location and size outside of the Virtual Host section using the SSLStaplingCache directive:

    SSLStaplingCache shmcb:/tmp/stapling_cache(128000)

    • Save the changes in the configuration file and restart Apache:

    apachectl stop
    apachectl start

    or

    apachectl restart
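
The checks below are an added example, not part of the original article or any CLOUDTECHTIQ tooling: a shell pre-flight that reads the three certificate directives from the port-443 configuration file and confirms that the files exist, the private key is not accessible to group or other users, the certificate matches the key, and the certificate verifies against the CA bundle. The function names (ssl_path, key_perms_ok, cert_matches_key, chain_ok, preflight) are assumptions, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example: pre-flight checks on the port-443 Virtual Host files before
# Apache is restarted. Function names are assumptions, not Apache tooling.

# Print the path given to DIRECTIVE in CONF (first uncommented occurrence).
ssl_path() {
    awk -v d="$1" 'tolower($1) == tolower(d) { gsub(/"/, "", $2); print $2; exit }' "$2"
}

# True when the private key file has no group/other permission bits set.
key_perms_ok() {
    [ "$(ls -ld -- "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True when the certificate and the private key contain the same public key.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null </dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True when OpenSSL can build a chain for the certificate using the CA bundle
# as trust anchors.
chain_ok() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Run every check against one vhost file; print each problem found and
# return non-zero if there was any.
preflight() {
    conf=$1 rc=0
    crt=$(ssl_path SSLCertificateFile "$conf")
    key=$(ssl_path SSLCertificateKeyFile "$conf")
    ca=$(ssl_path SSLCertificateChainFile "$conf")
    for f in "$crt" "$key" "$ca"; do
        [ -r "$f" ] || { echo "missing or unreadable: ${f:-<directive not set>}"; rc=1; }
    done
    [ "$rc" -eq 0 ] || return 1
    key_perms_ok "$key" || { echo "private key is accessible to group/other: $key"; rc=1; }
    cert_matches_key "$crt" "$key" || { echo "certificate and key do not match"; rc=1; }
    chain_ok "$crt" "$ca" || { echo "certificate does not verify against CA bundle"; rc=1; }
    return "$rc"
}
```

Run `preflight` on the port-443 configuration file, then `apachectl configtest`, before restarting Apache. Apache 2.4.8 and later deprecate SSLCertificateChainFile in favour of appending the intermediates to the file named by SSLCertificateFile; the checks here assume the three-directive layout shown above.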