Ask a Question

Advanced Search

Solution ID : SO14731

Last Modified : 05/02/2018

Install RapidSSL Wildcard Certificate in Apache

Solution

To install your RapidSSL Wildcard Certificate in Apache, follow the instructions below:

1.  The RapidSSL certificate download link will be sent by email.

2.  Download and extract the certificate zip file from the email. 

NOTE: If you do not have the certificate and intermediate, see the links below.
Click here for steps to download the RapidSSL certificate
Click here to download the intermediate CA certificate

 
3. Copy the certificate and intermediate to the Apache server directory in which you plan to store your certificates (example: /etc/httpd/conf/ssl.key/ or /etc/httpd/conf/ssl.crt/).
 
4. Open the Apache httpd.conf file in a text editor. Locate the SSL VirtualHosts for each sub domain name associated with your certificate. Verify that you have the following 2 directives within the virtual hosts. Please add them if they are not present.
 
SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
SSLCertificateChainFile /etc/httpd/conf/intermediate.crt/intermediate_CA.crt
 
5. Save the changes and exit the editor.
 
6. Stop and start your Apache web server using the following commands:
 
apachectl stop
apachectl startssl
or:
httpd -k stop
httpd -DSSL
httpsd start
 
Additional information
 
The VirtualHosts in your httpd.conf file should be configured as follows:
 
Note: Each VirtualHost will point to the same certificate, private key and ip address therefore in this case you are configuring name based virtual hosts in Apache so take note of the DocumentRoot directive. The following example is for three sub domain names.
 
<VirtualHost 164.159.238.199:443>
                ServerAdmin admin@domain.com
                DocumentRoot /www/home
                ServerName www.domain.com
                ErrorLog /www/home/logs/error_log
                SSLEngine on
                SSLProtocol all
                SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
                SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
                SSLCertificateChainFile /etc/httpd/conf/intermediate.crt/intermediate_CA.crt
                ServerPath /home
                <Directory "/www/home">
                </Directory>
</VirtualHost>
 
<VirtualHost 164.159.238.199:443>
                ServerAdmin admin@domain.com
                DocumentRoot /www/securehome
                ServerName secure.domain.com
                ErrorLog /www/securehome/logs/error_log
                SSLEngine on
                SSLProtocol all
                SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
                SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
                SSLCertificateChainFile /etc/httpd/conf/intermediate.crt/intermediate_CA.crt
                ServerPath /securehome
                <Directory "/www/securehome">
                </Directory>
</VirtualHost>
 
<VirtualHost 164.159.238.199:443>
                ServerAdmin admin@domain.com
                DocumentRoot /www/mailhome
                ServerName mail.domain.com
                ErrorLog /www/mailhome/logs/error_log
                SSLEngine on
                SSLProtocol all
                SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
                SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
                SSLCertificateChainFile /etc/httpd/conf/intermediate.crt/intermediate_CA.crt
                ServerPath /mailhome
                <Directory "/www/mailhome">
                </Directory>
</VirtualHost>
 
For more information about configuring Apache, please review http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
 
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.