Installing Your SSL Certificate on Ubuntu with Apache2

  Print

Installing Your SSL Certificate on Ubuntu with Apache2

  1. Copy the certificate files to your server.

    1. Download the intermediate and your primary certificate (your_domain_name.crt) files.
    2. Copy these files, along with the .key file you generated when creating the CSR, to the directory on the server where you keep your certificate and key files.

      Note: Make them readable by root only to increase security.
  2. Find the Apache configuration file you need to edit.

    The location and name of the configuration file can vary from server to server-especially if you're using a special interface to manage your server configuration.

    • The Ubuntu server with Apache2 main configuration file for your SSL/TLS site is typically found in /etc/apache2/sites-enabled/your_site_name.
    • If it's not found in the 'sites-enabled' directory, run the command below.
      sudo a2ensite your_site_name
    • Open the file with a text editor and find the <VirtualHost> blocks that contain the Apache settings.
  3. Identify the SSL <VirtualHost> block you need to configure.

    If your site needs to be accessible through both secure (https) and non-secure (http) connections, you need two separate files in /etc/apache2/sites-enabled/. One file is for port 80 and the other file is for port 443. Configure both files for SSL as described in step 4.

    If your site only needs to be accessed securely, configure the existing virtual host for SSL as described in step 4.
  4. Configure the <VirtualHost> block for the SSL-enabled site

    1. Below is a very simple example of a virtual host configured for SSL. The parts listed in blue are the parts you must add to configure the SSL configuration; they may be spread throughout the file.

      <VirtualHost 192.168.0.1:443>
      DocumentRoot /var/www/
      SSLEngine on
      SSLCertificateFile /path/to/your_domain_name.crt
      SSLCertificateKeyFile /path/to/your_private.key
      SSLCertificateChainFile /path/to/Example.crt

      </VirtualHost>
    2. Make sure to adjust the file names to match your certificate files.

      • SSLCertificateFile is your certificate file (e.g., your_domain_name.crt).
      • SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., your_private.key).
      • SSLCertificateChainFile is the intermediate certificate file (e.g., Example.crt)

        Note: If the SSLCertificateChainFile directive doesn't work, try using the SSLCACertificateFile directive instead.
  5. Test your Apache2 configuration file before restarting.

    As a best practice, check your Apache2 configuration file for any errors before restarting Apache.

    Caution: Apache2 won't start again if your configuration files have syntax errors.
    Run the following command to test your configuration file (on some systems, it's apache2ctl):
    apachectl configtest
  6. Restart Apache2.

    You can use apachectl commands to stop and start Apache2 with SSL support.

    apachectl stop
    apachect1 start
  7. Restart Notes:

    If Apache2 doesn't restart with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl, we recommend you adjust the apache startup configuration to include SSL support in the regular apachectl start command. Otherwise, your server may require you to manually restart Apache2 using apachectl startssl in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.
  8. Congratulations! You've successfully installed your SSL certificate.


Related Articles

Login