This guide will assist you in the installation of your SSL certificate on Apache. We have used a Comodo Positive SSL as an example below. However, the steps remain the same for all SSLs. Upload the certificate files on the server where your web-site is hosted.
In case of Comodo certificates, you should receive the zip archive with *.crt and .ca-bundle files. Geotrust/Thawte/Symantec sends certificates in plain text. Simply save the certificates as txt files.
Notepad will meet this demand. For Comodo PositiveSSL the files would appear like the ones below:
COMODORSADomainValidationSecureServerCA.crt
COMODORSAAddTrustCA.crt
AddTrustExternalCARoot.crt
Combine CA certificates in the single file.
If you received several CA certificates in separate files, you should combine them in the single file to make the CA bundle.
For Comodo PositiveSSL CA certificates these are: AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt
To combine them, run the following command in terminal:
$ cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
Edit your Apache VirtualHost file. If you do not have a record for port 443 in your VirtualHost, you should add it manually.
Location of the Configuration file depends on the the server and OS version, some possible examples are listed bellow:
Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf
Debian and Debian based: /etc/apache2/apache2.conf
The situation for ubuntu on Apache differs, as the configurations for 443 and 80 ports for each site are located in separate files. You can find it at /etc/apache2/sites-enabled/ Edit or create the file with the VirtualHost for 443 port to set up the secure connection.
Actually you can duplicate the record for port 80 (should be in your VirtulHost file by default) and change port 80 to port 443. Simply add it below non-secure module. In addition to the port change, you also need to add the special lines in the record:
SSLEngine on
SSLCertificateFile “/ssl/*yourdomainname*.crt”
SSLCertificateKeyFile “/ssl/*your_private_key*.key”
combined CA certificates in the file bundle.crt In the older Apache versions, the directive might be called SSLCertificateChainFile instead.
Note: Starting from Apache 2.4.8 ‘SSLCertificateChainFile’ directive became obsolete. The chain of intermediate certificates can be added to the file with the domain certificate.
SSLCACertificateFile “/ssl/bundle.crt”
Listen 443
DocumentRoot “/var/www”
ServerName *your_domain_name*
SSLEngine on
SSLCertificateFile “/ssl/*your_domain_name*.crt”
SSLCertificateKeyFile “/ssl/*your_private_key*.key”
SSLCACertificateFile “/ssl/bundle.crt”
Note: If you are using a multi-domain or wildcard certificates, it is necessary to modify the configuration files for each domain/subdomain hosted on the server. You would need to specify the domain/subdomain you need to secure and refer to the same certificate files in the VirtualHost record the way described above.
Once you have modified the VirtualHost file, it is required to restart apache in order to apply the changes.
You can restart Apache with the following command:
# sudo service apache2 reload
