Last updated:2021-03-15 15:35:24
This document describes how to install a certificate on an Apache for Linux server.
Install OpenSSL first so that Apache can support SSL.
Download OpenSSL from http://www.openssl.org/source/.
Execute the following commands:
tar -zxf openssl-1.*.**.tar.gz // Decompress the package.
cd openssl-1.*.** // Change to the directory.
./config // Complete the configuration. It is recommended that you use the default settings.
make && make install
By default, OpenSSL is installed in the /usr/local/ssl directory.
./configure --prefix=/usr/local/apache --enable-so --enable-ssl --with-ssl=/usr/local/ssl --enable-mods-shared=all
// Complete the configuration. It is recommended that you use the dynamic compiler.
make && make install
Dynamically compiling the Apache module facilitates module loading. Apache will be installed in the /usr/local/apache directory.
From the certificate issuing file, copy the server certificate content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to a text file and save it with server.crt as the name.
From the certificate issuing file, copy the content of the two CA certificates (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to the same text file. Use a carriage return as the delimiter between the two certificates. Do not insert any blank line. Then, save the file as ca.crt.
If there is only one CA certificate, you only need to copy and save the content of the certificate to the text file.
Open the httpd.conf file in the conf folder of the Apache installation directory. Locate the following line:
#LoadModule ssl_module modules/mod_ssl.so
Delete the comment sign (#) at the beginning.
Save and close the file.
Open the ssl.conf file in the conf folder in the Apache installation directory. Search for LoadModule ssl_module to locate the following lines:
#LoadModule ssl_module modules/mod_ssl.so
#Include conf/extra/httpd_ssl.conf
Delete the comment sign (#) at the beginning of each line.
Save and close the file.
Open the httpd-ssl.conf file in the conf/extra folder or the ssl.conf file in the conf folder in the Apache installation directory. Add or edit the following lines between <VirtualHost *:443> and </VirtualHost>:
SSLProtocol all -SSLv2 -SSLv3
SSLHonorCipherOrder on
SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
SSLCertificateFile conf/server.crt # Set the server certificate path.
SSLCertificateKeyFile conf/server.key # Set the private key path for the server certificate.
#SSLCertificateChainFile conf/ca.crt # Delete the comment sign (#) at the beginning and set the CA certificate path.
Save and close the file.
Go to the bin directory in the Apache installation directory and run the following commands to restart Apache:
./apachectl -k stop
./apachectl -k start
Use HTTPS to access your website to verify whether the certificates have been installed correctly.
After successfully installing the server certificate and completing configuration, back up the server certificate for further restoration.
Back up the following files:
See the procedures for installing a server certificate. After restoring a server certificate, modify the configuration files for the server certificate to take effect.
Did you find the above information helpful?
Please give us your feedback.
Thank you for your feedback.