How to Install a TLS/SSL Certificate in Apache

The following instructions will guide you through the SSL Certificate installation process on Apache Servers (OpenSSL). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure.

What You'll Need

  1. Your server certificate file
    This is the TrustCor certificate you received for your domain.
  2. Your intermediate certificate(s)
    These files allow the devices connecting to your server to identify TrustCor as the issuing CA. There may be more than one of these certificates. If you downloaded the pem-chain file, it will also contain the Intermediate certificate(s) bundled with your domain's certificate.
  3. Your private key
    This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.

    Note: The above files should be saved to the server directory where all certificate/key files are stored.

Installation Instructions

  1. Find the apache config file to edit
    The main config file is typically named httpd.conf or apache2.conf and can be found either: /etc/httpd or: /etc/apache2/

    On CentOS/RedHat:

    On Debian/Ubuntu:

    Note: The SSL certificate config file can be located in a <VirtualHost> block in a different config file. You can always search for the SSL config file on Linux distributions using the following grep command:

    grep -i -r "SSLCertificateFile" /etc/httpd/

  2. Configure the file and enter commands
    Configure the httpd.conf file and enter the following command on your VirtualHost to successfully enable SSL:

        DocumentRoot /var/www/html2
            SSLEngine on
            SSLCertificateFile /path/to/your_domain_name.crt
            SSLCertificateKeyFile /path/to/your_private.key
            SSLCertificateChainFile /path/to/cabundle.crt
    • Make sure to adjust the file names to match your certificate files:
      • SSLCertificateFile is your TrustCor certificate file (e.g., your_domain_name.crt).
      • SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
      • SSLCertificateChainFile is the TrustCor intermediate certificate file (e.g., dv-ssl-chain.pem)
      Note: As of Apache 2.4.8, the SSLCertificateChainFile directive was deprecated and SSLCertificateFile was extended to support intermediate certificates. Adding the intermediate certificate to the end of your certificate will create a chain file for your server.
  3. Run a test command to test your Apache configuration file
    Run the following command to check your configuration file for any errors before restarting Apache.

    apachectl configtest
    Depending on your system, it will be apachectl configtest or apache2ctl configtest.
  4. Restart Apache
    If successfully tested, restart Apache by running the following commands:

    apachectl stop
    apachectl start
    For older versions of Red Hat Enterprise Linux use init scripts as stated below:

      service httpd restart
      service apache2 restart
    For Red Hat Enterprise Linux 7 or CentOS 7.0 use the following commands:

      systemctl restart httpd.service
      systemctl restart apache2.service

Your certificate should now be installed. You can navigate to your site in a web browser and view the certificate/site information to verify if HTTPS/SSL is working properly.