How do I install an SSL Certificate into Apache using the httpd.conf?
Sometimes to reduce the httpd.conf file in size and content, some administrators include the SSL virtualhosts in a seperate file. This separate file is called the ssl.conf file (or ssl-httpd.conf). The guide belows shows you how to configure this file.
Listen 443
ServerName <your_server_name>:443
SSLEngine on
SSLCertificateFile /<path to><your_SSL_Certificate>.crt
SSLCertificateKeyFile /<path to><*.key file you created with the CSR>.key
SSLCertificateChainFile /<path to> qvsslicag2.crt
SSLCACertificateFile /<path to> qvrca2.crt
Note: SSLCertificateChainFile became obsolete with version 2.4.8, when SSLCertificateFile was extended to also load intermediate CA certificates from the server certificate file. If you are using Apache 2.4.8 or higher, do not include SSLCertificateChainFile or your Apache service may not start.
Include conf/extra/ssl.conf
Note: the "conf/extra" might change depending on if the ssl.conf file is in a different location. It may also depend on what OS Apache is installed on.
Note: The file name "ssl.conf" might also be "httpd-ssl.conf" depending on what you named your configuration file.
Note: If during this process, either your Apache service fails to restart or something goes wrong, you should delete the current httpd.conf file and revert back to your backup httpd.conf file. This can be done by renaming the httpd.conf_backup to just httpd.conf. The same applies to the ssl.conf file.
Although optional, it is highly recommended to enable OCSP Stapling which will improve the SSL handshake speed of your website. CSP Stapling has been enabled since Apache 2.3.6. It is included in the enable mod_ssl function (which is also required for SSL). OCSP Stapling is disabled by default in Apache.
In order to enabled it, you must include the following lines in your configuration file:
SSLUseStapling On
SSLStaplingCache shmcb:/path/to/datafile[(size)]
Note: The SSLStaplingCache is mandatory for OCSP Stapling to work.
More information on these directives can be found at http://httpd.apache.org/docs/trunk/mod/mod_ssl.html. You can read up more on OCSP Stapling at https://support.quovadisglobal.com/KB/a415/what-is-ocsp-stapling.aspx.