Ask a Question

Solution ID : SO14822

Installation Instructions for Apache

Problem

Install SSL Certificate on Apache

Solution

To install your SSL Certificate on Apache, follow the instructions below:

This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, Thawte recommends that you contact either the vendor of your software or an organization that supports Apache-SSL.

Watch Thawte's Tutorial Videos for a more visual experience!

Note:  If you are unable to view the video, please click here to go directly to the video source.

 

Step 1: Obtain the Intermediate CA Certificate

  1. Select the appropriate Intermediate CA certificate for your SSL Certificate type: INFO1384 
    Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Wordpad may add additional characters that may render the certificate unusable.
  2. Copy and paste the Thawte Intermediate CA certificate into a text file and save as intermediate.crt.

 

Step 2: Install the Thawte Certificate

  1. Download your Thawte SSL Certificate:
  2. To follow the naming convention for Apache, rename the certificate filename with the .crt extension.  For example: public.crt
  3. Copy your Certificate into the directory that you will be using to hold your certificates in.  For example: /usr/local/ssl/crt/
     

Step 3: Configure the Server

Note: Thawte will not know how the server was configured. The below documentation is for example only.
Please consult the Server Admin for specific file names and locations. 
Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the bellow directives. Do not enter both as there will be a conflict and Apache may not start.

  1. In order to use the key pair, the httpd.conf or ssl.conf file will need to be updated.
  2. In the Virtual Host Section of the httpd.conf or ssl.conf file, verify that you have the following 3 directives within the Virtual Host.
    Please add them if they are not present:

SSLCertificateFile /usr/local/ssl/crt/public.crt

SSLCertificateKeyFile /usr/local/ssl/private/private.key

SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt

Note: Some versions of Apache will not accept the SSLCertificateChainFile directive. Try using SSLCACertificateFile instead.

The first directive tells Apache how to find the Certificate File, the second one where the private key is located, and the third line the location of the intermediate certificate.  If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.

Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.

1. Save your httpd.conf or ssl.conf file and restart Apache. You can most likely do so by using the apachectl script:

apachectl stop
apachectl startssl

You should now be set to start using your Thawte certificate with your Apache server.

Note: Using incorrect files will not allow to start the Apache server. Check the server logs for errors and verify your files: SO322

 

Step 4: Verify your certificate installation

To verify if your certificate is installed correctly, use the Thawte Installation Checker