Apache, a freeware product from the Apache Software Foundation, is popular worldwide as an HTTP server. Basically designed for UNIX, it is now used enthusiastically by Windows and other operating systems. “Apache” is named so because of the word “patchy”, used by the developers of Apache for their earlier versions of the software.
Apache Server containing an extra module for SSL is known as Apache and mod_SSL.
Steps for Installing SSL in Apache and mod_SSL: –
1. Download Intermediate Certificate.
- Purchase an SSL certificate from trusted certificate provider – SSL2BUY.
- Now copy the content of the intermediate certificate in notepad or in any text file under the name “intermediate.crt”. Save this file in the same directory where the SSL certificate resides for e.g.:/usr/local/ssl/crt.
2. Next, Installing the SSL certificate.
You will receive your certificate through e-mail. You may receive the certificate as an attachment or as a plain text in the body part of the e-mail. If it is an attachment download it and use it directly and if it is as a text form then copy and paste it in Notepad or any other text file. But do not use Microsoft Office’s Microsoft Word as it may add extra characters to the file. Remove all the spaces and extra lines from the file.
Below is the sample view of the text file.
-----BEGIN CERTIFICATE----- [encoded data] -----END CERTIFICATE-----
The five dashes after and before “Begin Certificate” & “End Certificate” are compulsory. There should be no white spaces, line breaks and additional certificates.
- As per the naming convention defined in Apache, rename the certificate with the .crt extension.
- Now move the certificates into the directory which will be holding the certificates for e.g.: /usr/local/ssl/crt.
3. Server Configuration.
To use the pair of the keys (public key and private key), you will need to update httpd.conf file. There must be following 3 directives present in the Virtual Host section of the httpd.conf file: –
SSLCertificateFile/usr/local/ssl/crt/public.crt SSLCertificateKeyFile/usr/local/ssl/private/private.key SSLCertificateChainFile/usr/local/ssl/crt/intermediate.crt
If any of these directives are missing, then please add them.
Note: Some versions of Apache will not allow the SSLCertificateChainFile directive so try to use SSLCACertificateFile instead.
As, for example: –
- SSLCertificateFile/usr/local/ssl/crt/public.crt directive guides the Apache server where and how to find the Certificate File.
- SSLCertificateKeyFile/usr/local/ssl/private/private.key directive guides for the location of the private key.
- SSLCertificateChainFile/usr/local/ssl/crt/intermediate.crt directive lines the location of the intermediate certificate.
You definitely must be using different locations and certificate file names than those mentioned in the example given above. So, you will have to change the path and file names as per the convenience of your server.
Kindly note that many versions of Apache include both an httpd.conf and ssl.conf file. In such case avoid entering both the files as it will create a hazardous situation and will prevent Apache from being started. Just enter or modify the httpd.conf or the ssl.conf with the directives mentioned above.
- Start Apache again after saving the httpd.conf or the ssl.conf file. For doing this you require apachectl script:-
apachectl stop apachectl startssl
- Now, you are ready to use the SSL certificate with your Apache-SSL server.
In case you want to verify that whether your certificate is installed correctly or not; just use SSL Installation Checker.
