All Documents
Current Document

Content is empty

If you don't find the content you expect, please try another search term

Documentation

Apache

Last updated:2024-03-15 16:28:22

This document describes how to install a certificate on an Apache server.

Prerequisites

  1. The certificate is in the Issued state.

  2. You have obtained the certificate package.

Obtain the certificate file

  1. Download the certificate package from the KCM console and decompress the package to obtain the .key file and .pem file.

  2. Open the .pem file in Notepad, copy the first paragraph (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to a text file and save it with server.crt as the name.

  3. Copy the remaining content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to another text file and save it with ca.crt as the name.

Install the certificate

  1. Save the above .key file, server.crt, and ca.crt to the conf folder in the Apache installation directory.

  2. Modify the httpd.conf file in the conf folder: a. Open the httpd.conf file and locate the following line:

    #LoadModule ssl_module modules/mod_ssl.so

    b. Delete the comment sign (#) at the beginning.

    c. Save and close the file.

  3. Modify the ssl.conf file in the conf folder: a. Open the ssl.conf file and search for LoadModule ssl_module to locate the following lines:

    #LoadModule ssl_module modules/mod_ssl.so
    #Include conf/extra/httpd_ssl.conf

    b. Delete the comment sign (#) at the beginning of each line.

    c. Save and close the file.

  4. Modify the httpd-ssl.conf file in the conf/extra folder or the ssl.conf file in the conf folder:

    a. Open the httpd-ssl.conf or ssl.conf file. b. Add or edit the following lines between <VirtualHost *:443> and </VirtualHost>:

    SSLProtocol all -SSLv2 -SSLv3   # It is recommended that you use the up-to-date OpenSSL version 1.0.0, 1.0.1, or 1.0.2.
    SSLHonorCipherOrder on
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLCertificateFile conf/server.crt         # Set the server certificate path.
    SSLCertificateKeyFile conf/server.key    # Set the private key path for the server certificate.
    #SSLCertificateChainFile conf/ca.crt      # Delete the comment sign (#) at the beginning and set the CA certificate path. 

    c. Save and close the file.

  5. Go to the bin directory in the Apache installation directory and execute the following commands to restart Apache:

    ./apachectl -k stop   
    ./apachectl -k start

Verification

Use HTTPS to access your website. You can enter "https://Domain name" in a browser. If the address bar displays the security lock icon, the certificate has been installed correctly.

On this page
Pure ModeNormal Mode

Pure Mode

Click to preview the document content in full screen
Feedback