Knowledge Base
Configuring SSL/TLS Certificate on Apache Server (RedHat/CentOS/Fedora)
Step 1
Before installing a Certificate on your server, please ensure you have the following on hand.
- Private Key (Generated along with the CSR)
- Server Certificate
- Intermediate CA / Chain Certificate bundle (file ending with .ca-bundle)
Step 2
Copy these files on your Linux Server. These files can be placed anywhere, but it is recommended to have them in the following location.
- Server Certificate and Intermediate - /etc/pki/tls/certs/
- Private Key - /etc/pki/tls/private/
Installation and Configuration
- In order to configure SSL, you will need to ensure that the Apache mod_ssl module is installed on the server.
- If the mod_ssl was not installed, then you can do so by running the following command.
#yum install mod_ssl
- After ensuring the files are in place and the mod_ssl is installed on the server, you can start configuring ssl on the server.
- Edit the virtual host entry available in/etc/httpd/conf.d/ssl.conffile to assign the Private Key, Certificate and the Intermediate CA file to the configuration.
|
<VirtualHost *:443>
SSLEngine On SSLCertificateFile /etc/pki/tls/certs/your_domain_name.crt SSLCertificateKeyFile /etc/pki/tls/private/private.key SSLCertificateChainFile /etc/pki/tls/certs/your_domain_name.ca-bundle ........ ........ ........ ........ </VirtualHost> |
- After assigning the appropriate files to the directives
- Restart the Apache service, using this command
#systemctl restart httpd.service
- The new configuration will take effect.
Note: If you are renewing / replacing an existing certificate on your Apache server, simply:
- upload the new certificate and private key files into the appropriate folders
- modify /etc/httpd/conf.d/ssl.conf to assign the new files to the directives
- and restart the Apache service.