View Categories

How to install SSL/TLS on Apache Web Server

w m
Updated on June 7, 2024

To install your premium SSL/TLS certificate on your domain running on Apache Web Server, follow the steps below:

Prerequisites #

  • You already generated a CSR and Private Key. If not, first use this guide
  • You sudo or root access to the server.
  • We will assume our domain is called truehosttestdomain.com

Procedure #

1.Login to your server via SSH and navigate to the location you want to save your TLS files.

From our previous article on generating a CSR our certificate files were stored in our users cert directory inside home folder. So we will run the commands below

$ cd ~/certs

2. Create two files called truehosttestdomain.com.ca and truehosttestdomain.com.crt

$ touch truehosttestdomain.com.ca truehosttestdomain.com.crt

3. Copy the content of your Intermediate Certificate file into truehosttestdomain.com.ca and that of your Certificate file into truehosttestdomain.com.crt

Now, we need to add the paths to the certificates above to the vhost so that they are loaded by our web server and used to secure our website.

4. Navigate to your vhost location.

By default, this is /etc/apache2/sites-available/ for Ubuntu and /etc/httpd/conf.d/ for Centos

$ cd  /etc/apache2/sites-available #for Debian based systems eg Ubuntu
$ cd /etc/httpd/conf.d/  #for Redhat based systems eg Centos

5. Open your vhost file using your best text editor eg vim or nano and search for the following lines

     SSLEngine on
     SSLCertificateFile /path/to/your_domain_name.crt
     SSLCertificateKeyFile /path/to/your_private.key
     SSLCertificateChainFile /path/to/DigiCertCA.crt

and change them to

      SSLEngine on
      SSLCertificateFile /home/truehost/certs/truehosttestdomain.com.crt
      SSLCertificateKeyFile /home/truehost/certs/truehosttestdomain.com.key
      SSLCertificateChainFile /home/truehost/certs/truehosttestdomain.com.ca

6. Also, change this line

<VirtualHost *:80>

to this one

<VirtualHost *:443>

7. Finally, add the following lines at the top of the vhost, above the lines above. 

<VirtualHost *:80>
   ServerName truehosttestdomain.com
   ServerAlias www.truehosttestdomain.com

   Redirect / https://truehosttestdomain.com
</VirtualHost>

Your final vhost file should look similar to this

<VirtualHost *:80>
   ServerName truehosttestdomain.com
   ServerAlias www.truehosttestdomain.com
   
   Redirect / https://truehosttestdomain.com
</VirtualHost>


<VirtualHost *:443>
    ServerName www.truehosttestdomain.com
    ServerAlias truehosttestdomain.com
    
    DocumentRoot /var/www/truehosttestdomain.com/public_html
    ErrorLog /var/www/truehosttestdomain.com/error.log
    CustomLog /var/www/truehosttestdomain.com/requests.log combined
    
    SSLEngine on
    SSLCertificateFile /home/truehost/certs/truehosttestdomain.com.crt
    SSLCertificateKeyFile /home/truehost/certs/truehosttestdomain.com.key
    SSLCertificateChainFile /home/truehost/certs/truehosttestdomain.com.ca
    
</VirtualHost>

8. Restart Apache and access the site online

$ systemctl restart apache2 # for Debian based OS like Ubuntu
$ systemctl restart httpd # for Redhat based OS like Centos

9. Test your SSL. We have prepared a guide on how to test your SSL Certificate validity. Click the link below

How to Test Your SSL/TLS Certificate
Updated on June 7, 2024

Powered by BetterDocs

Leave a Reply

Your email address will not be published. Required fields are marked *