Certificate Management (KCM)

      Documentation Certificate Management (KCM) User Guide Certificate configuration Apache

      Apache

      Last updated:2021-03-15 15:35:05

      This document describes how to install a certificate on an Apache server.

      Prerequisites

      1. The certificate is in the Issued state.
      2. You have obtained the certificate package.

      Obtain the certificate file

      1. Download the certificate package from the KCM console and decompress the package to obtain the .key file and .pem file.
      2. Open the .pem file in Notepad, copy the first paragraph (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to a text file and save it with server.crt as the name.
      3. Copy the remaining content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to another text file and save it with **ca.crt ** as the name.

      Install the certificate

      1. Save the above .key file, server.crt, and ca.crt to the conf folder in the Apache installation directory.

      2. Modify the httpd.conf file in the conf folder:
        a. Open the httpd.conf file and locate the following line:

        #LoadModule ssl_module modules/mod_ssl.so

        b. Delete the comment sign (#) at the beginning.

        c. Save and close the file.

      3. Modify the ssl.conf file in the conf folder:
        a. Open the ssl.conf file and search for LoadModule ssl_module to locate the following lines:

        #LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd_ssl.conf

        b. Delete the comment sign (#) at the beginning of each line.

        c. Save and close the file.

      4. Modify the httpd-ssl.conf file in the conf/extra folder or the ssl.conf file in the conf folder:

        a. Open the httpd-ssl.conf or ssl.conf file.
        b. Add or edit the following lines between <VirtualHost *:443> and </VirtualHost>:

        SSLProtocol all -SSLv2 -SSLv3   # It is recommended that you use the up-to-date OpenSSL version 1.0.0, 1.0.1, or 1.0.2.
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile conf/server.crt         # Set the server certificate path.
SSLCertificateKeyFile conf/server.key    # Set the private key path for the server certificate.
#SSLCertificateChainFile conf/ca.crt      # Delete the comment sign (#) at the beginning and set the CA certificate path.

        c. Save and close the file.

      5. Go to the bin directory in the Apache installation directory and execute the following commands to restart Apache:

        ./apachectl -k stop   
./apachectl -k start

      Verification

      Use HTTPS to access your website. You can enter “https://Domain name” in a browser. If the address bar displays the security lock icon, the certificate has been installed correctly.

      Previous:Export certificates
      Next:IIS7

      Did you find the above information helpful?

      Unhelpful
      Mostly Unhelpful
      A little helpful
      Helpful
      Very helpful

      What might be the problems?

      Insufficient
      Outdated
      Unclear or awkward
      Redundant or clumsy
      Lack of context for the complex system or functionality

      More suggestions

      0/200

      Please give us your feedback.

      Submitted

      Thank you for your feedback.

      问题反馈