For Techs.... Techniques.... Technologies....


How to install SSL certificate in apache webserver

This article explains the steps to install SSL certificate in Linux server.

Step1: Copy your certificate to file

You will receive an email from the Registration Authority when your certificate request has been approved that contains a link to a location where your certificate may be obtained. Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:


Copy everything you see between and including the lines that look like


and paste it into an appropriately named text file e.g. server.crt

Copy this certificate file into the directory that you will be using to hold your certificates.

e.g. /etc/httpd/conf/ssl.crt/

In this example we will use:

/etc/httpd/conf/ssl.crt/ as the location where certificates will be stored
/etc/httpd/conf/ssl.key/ as the location where the server's private key is stored.
/etc/httpd/conf/ca-bundle/ as the location where the CA bundle file will be stored

It is recommended that you make the directory that contains the private key file only readable by root.

Step2: Install the CA Certificates

You will need to install the CA certificates in order for your webserver to use your SSL certificate properly. Apache users do not neded to install these certificates individually. Instead you can install the CA certificates using a 'bundle' method.

In the Virtual Host settings for your site, in the httpd.conf file, you will need to complete the following:

Copy the PEM format Bundled CA certificate file (full CA chain) to the directory in which ca-bundled files are stored e.g. /etc/httpd/conf/ssl.crt/

Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf/ssl.crt/ is the directory to where you have copied the CA Bundle file). if the line already exists amend it to read the following:

SSLCACertificateFile /etc/httpd/conf/ssl.crt/cachainpem.txt

If you are using a different location and certificate file names you will need to change the path and filename to reflect your server.

The SSL section of the updated httpd config file should now read something similar to this example (depending on your naming and directories used):

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key

SSLCACertificateFile /etc/httpd/conf/ssl.crt/cachainpem.txt

Save your httpd.conf file and restart Apache.

Leave a Reply