Apache for Linux

Last updated:2021-03-15 15:35:24

This document describes how to install a certificate on an Apache for Linux server.

Prerequisites

  1. The certificate is in the Issued state.
  2. You have obtained the certificate package.

Preparation

Install OpenSSL

Install OpenSSL first so that Apache can support SSL.

  1. Download OpenSSL from http://www.openssl.org/source/.

  2. Execute the following commands:

    tar -zxf openssl-1.*.**.tar.gz     // Decompress the package.
    cd openssl-1.*.**              // Change to the directory.
    ./config              // Complete the configuration. It is recommended that you use the default settings.
    make && make install
    

By default, OpenSSL is installed in the /usr/local/ssl directory.

Install Apache

./configure --prefix=/usr/local/apache --enable-so --enable-ssl --with-ssl=/usr/local/ssl --enable-mods-shared=all
// Complete the configuration. It is recommended that you use the dynamic compiler.
make && make install  

Dynamically compiling the Apache module facilitates module loading. Apache will be installed in the /usr/local/apache directory.

Install the server certificate

Obtain the server certificate

From the certificate issuing file, copy the server certificate content (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to a text file and save it with server.crt as the name.

Obtain CA certificates

From the certificate issuing file, copy the content of the two CA certificates (including -----BEGIN CERTIFICATE----- and -----END CERTIFICATE-----) to the same text file. Use a carriage return as the delimiter between the two certificates. Do not insert any blank line. Then, save the file as ca.crt.
If there is only one CA certificate, you only need to copy and save the content of the certificate to the text file.

Modify configuration files for Apache

  1. Open the httpd.conf file in the conf folder of the Apache installation directory. Locate the following line:

    #LoadModule ssl_module modules/mod_ssl.so
    
  2. Delete the comment sign (#) at the beginning.

  3. Save and close the file.

  4. Open the ssl.conf file in the conf folder in the Apache installation directory. Search for LoadModule ssl_module to locate the following lines:

    #LoadModule ssl_module modules/mod_ssl.so
    #Include conf/extra/httpd_ssl.conf
    
  5. Delete the comment sign (#) at the beginning of each line.

  6. Save and close the file.

  7. Open the httpd-ssl.conf file in the conf/extra folder or the ssl.conf file in the conf folder in the Apache installation directory. Add or edit the following lines between <VirtualHost *:443> and </VirtualHost>:

    SSLProtocol all -SSLv2 -SSLv3
    SSLHonorCipherOrder on
    SSLCipherSuite HIGH:!RC4:!MD5:!aNULL:!eNULL:!NULL:!DH:!EDH:!EXP:+MEDIUM
    SSLCertificateFile conf/server.crt         # Set the server certificate path.
    SSLCertificateKeyFile conf/server.key    # Set the private key path for the server certificate.
    #SSLCertificateChainFile conf/ca.crt      # Delete the comment sign (#) at the beginning and set the CA certificate path.
    
  8. Save and close the file.

  9. Go to the bin directory in the Apache installation directory and run the following commands to restart Apache:

    ./apachectl -k stop   
    ./apachectl -k start
    
  10. Use HTTPS to access your website to verify whether the certificates have been installed correctly.

Back up and restore a server certificate

After successfully installing the server certificate and completing configuration, back up the server certificate for further restoration.

Back up a server certificate

Back up the following files:

  • Server certificate private key file server.key
  • Server certificate file server.crt
  • Server certificate CA certificate file ca.crt

Restore a server certificate

See the procedures for installing a server certificate. After restoring a server certificate, modify the configuration files for the server certificate to take effect.

Did you find the above information helpful?

Unhelpful
Mostly Unhelpful
A little helpful
Helpful
Very helpful

What might be the problems?

Insufficient
Outdated
Unclear or awkward
Redundant or clumsy
Lack of context for the complex system or functionality

More suggestions

0/200

Please give us your feedback.

Submitted

Thank you for your feedback.

问题反馈