Before installing a Certificate on your server, please ensure you have the following on hand.
- Private Key (Generated along with the CSR)
- Server Certificate
- Intermediate CA / Chain Certificate bundle (file ending with .ca-bundle)
Copy these files on your Linux Server. These files can be placed anywhere, but it is recommended to have them in the following location.
- Server Certificate and Intermediate - /etc/pki/tls/certs/
- Private Key - /etc/pki/tls/private/
Installation and Configuration
- In order to configure SSL, you will need to ensure that the Apache ssl module is installed on the server.
- f the ssl module was not installed, then you can do so by running the following command.
- After ensuring the files are in place and the sslmodule is installed on the server, you can start configuring ssl on the server.
- The Virtual Host configuration files should be available under /etc/apache2/sites-available/ directory.
- On this directory, the file named ‘default-ssl.conf’ is the default ssl configuration file.
- We assume that you are using the default configuration here.
Edit the virtual host entry available in /etc/apache2/sites-available/default-ssl.conf file to assign the Private Key, Certificate and the Intermediate CA file to the configuration.
- You should make sure that the ‘default-ssl.conf’ enabled by running the following command.
- After assigning appropriate files to the directives and enabling the site, you need to restart the Apache service, so that the new configuration will take effect.
service apache2 restart
Note: If you are renewing / replacing an existing certificate on your Apache server, simply:
- upload the new certificate and private key files into the appropriate folders
- modify /etc/apache2/sites-available/default-ssl.conf to assign the new files to the directives,
- and restart the Apache service.
Note: You can also create your own Virtual Host configuration for your sites by copying the ‘default-ssl.conf’ and use those files to configure SSL for your website.
Make sure that you are enabling the new site after configuring the SSL using a2ensite command.