How to Install a TLS/SSL Certificate in Apache

The following instructions will guide you through the SSL Certificate installation process on Apache Servers (OpenSSL). If you have more than one server or device, you will need to install the certificate on each server or device you need to secure.

What You'll Need

1. Your server certificate file
   This is the TrustCor certificate you received for your domain.
2. Your intermediate certificate(s)
   These files allow the devices connecting to your server to identify TrustCor as the issuing CA. There may be more than one of these certificates. If you downloaded the pem-chain file, it will also contain the Intermediate certificate(s) bundled with your domain's certificate.
3. Your private key
   This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.
   
   Note: The above files should be saved to the server directory where all certificate/key files are stored.

Installation Instructions

1. Find the apache config file to edit
   The main config file is typically named httpd.conf or apache2.conf and can be found either: /etc/httpd or: /etc/apache2/
   
   On CentOS/RedHat:
   /etc/httpd/httpd.conf
   /etc/httpd/sites-enabled/name-of-virtualhost.conf
   
   On Debian/Ubuntu:
   /etc/apache2/apache2.conf
   /etc/apache2/sites-enabled/name-of-virtualhost.conf
   
   Note: The SSL certificate config file can be located in a <VirtualHost> block in a different config file. You can always search for the SSL config file on Linux distributions using the following grep command:
   
   

   grep -i -r "SSLCertificateFile" /etc/httpd/

   
   
2. Configure the file and enter commands
   Configure the httpd.conf file and enter the following command on your VirtualHost to successfully enable SSL:
   
   

   <VirtualHost 192.168.0.1:443>
       DocumentRoot /var/www/html2
       ServerName www.yourdomain.com
           SSLEngine on
           SSLCertificateFile /path/to/your_domain_name.crt
           SSLCertificateKeyFile /path/to/your_private.key
           SSLCertificateChainFile /path/to/cabundle.crt
   </VirtualHost>
   

   • Make sure to adjust the file names to match your certificate files:
     • SSLCertificateFile is your TrustCor certificate file (e.g., your_domain_name.crt).
     • SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
     • SSLCertificateChainFile is the TrustCor intermediate certificate file (e.g., dv-ssl-chain.pem)
     Note: As of Apache 2.4.8, the SSLCertificateChainFile directive was deprecated and SSLCertificateFile was extended to support intermediate certificates. Adding the intermediate certificate to the end of your certificate will create a chain file for your server.
3. Run a test command to test your Apache configuration file
   Run the following command to check your configuration file for any errors before restarting Apache.
   
   

   apachectl configtest
   

   Depending on your system, it will be apachectl configtest or apache2ctl configtest.
4. Restart Apache
   If successfully tested, restart Apache by running the following commands:
   
   

   apachectl stop
   apachectl start
   

   For older versions of Red Hat Enterprise Linux use init scripts as stated below:
   
    CentOS/RedHat:
   

     service httpd restart
   

    Debian/Ubuntu:
   

     service apache2 restart
   

   For Red Hat Enterprise Linux 7 or CentOS 7.0 use the following commands:
   
    CentOS/RedHat:
   

     systemctl restart httpd.service
   

    Debian/Ubuntu:
   

     systemctl restart apache2.service
   

Your certificate should now be installed. You can navigate to your site in a web browser and view the certificate/site information to verify if HTTPS/SSL is working properly.