Configuring SSL/TLS Certificate on Apache Server (RedHat/CentOS/Fedora)

July 23, 2021 in WebServer

Step 1
Before installing a Certificate on your server, please ensure you have the following on hand.

  1. Private Key (Generated along with the CSR)
  2. Server Certificate
  3. Intermediate CA / Chain Certificate bundle (file ending with .ca-bundle)


Step 2
Copy these files on your Linux Server. These files can be placed anywhere, but it is recommended to have them in the following location.

  1. Server Certificate and Intermediate - /etc/pki/tls/certs/
  2. Private Key - /etc/pki/tls/private/

Installation and Configuration

  • In order to configure SSL, you will need to ensure that the Apache mod_ssl module is installed on the server.
  • If the mod_ssl was not installed, then you can do so by running the following command.
#yum install mod_ssl
  • After ensuring the files are in place and the mod_ssl is installed on the server, you can start configuring ssl on the server.
  • Edit the virtual host entry available in/etc/httpd/conf.d/ssl.conffile to assign the Private Key, Certificate and the Intermediate CA file to the configuration.
<VirtualHost *:443>
SSLEngine On

SSLCertificateFile /etc/pki/tls/certs/your_domain_name.crt
SSLCertificateKeyFile /etc/pki/tls/private/private.key
SSLCertificateChainFile /etc/pki/tls/certs/your_domain_name.ca-bundle

........
........
........
........
</VirtualHost>
  • After assigning the appropriate files to the directives
  • Restart the Apache service, using this command
#systemctl restart httpd.service
  • The new configuration will take effect.

Note: If you are renewing / replacing an existing certificate on your Apache server, simply:

  • upload the new certificate and private key files into the appropriate folders
  • modify /etc/httpd/conf.d/ssl.conf to assign the new files to the directives
  • and restart the Apache service.