Ask a Question

Solution ID : SO6252

Last Modified : 05/02/2018

Installation Instructions for Apache

Solution

This document provides instructions for installing SSL Certificates for Apache. If these instructions do not work for installation on the server, RapidSSL recommends that the vendor of the software or an organization that supports Apache.

Watch RapidSSL's Tutorial Videos for a more visual experience!

Note:  If unable to view the video, please click here to go directly to the video source.

 

Select the correct installation instructions based on the following certificate criteria below:

RapidSSL Security Center
Certificates enrolled on or after November 10, 2017

Partner issued certificates
Certificates enrolled on or after November 10, 2017

 

 

RapidSSL Security Center - Certificates enrolled on or after November 10, 2017

This document provides two options for installing SSL certificate for Apache HTTP Server. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Apache HTTP Server.

  • Symantec SSL Assistant certificate installation
  • Manual SSL certificate installation

 

Symantec SSL Assistant Certificate Installation

  1. Download your certificate from the unique secure link we provide your technical contact via order fulfillment email.
  2. The ZIP file you downloaded contains the following certificates:
    • SSL certificate (i.e. ssl_certificate.crt, also known as End Entity certificate, Public Key certificate, Digital certificate or Identity certificate).
    • Intermediate CA certificate (i.e. IntermediateCA.crt, also known as Chained certificate or Signer/issuer of the End Entity certificate).
    • SSL Assistant (Installation tool).
  3. Unzip the download files onto the server where you will install the certificate.
  4. Follow instructions in getting_started.txt file and go to the SSL Assistant directory.

 

Install Your SSL Certificate Manually

Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the below directives. Do not enter both as there will be a conflict and Apache may not start.

  1. Download your certificate from the unique secure link we provide your technical contact via email.
  2. The ZIP file you downloaded contains the following certificates:
    • SSL certificate (i.e. ssl_certificate.crt, also known as End Entity certificate, Public Key certificate, Digital certificate or Identity certificate).
    • Intermediate CA certificate (i.e. IntermediateCA.crt, also known as Chained certificate or Signer/issuer of the End Entity certificate).
    • SSL Assistant (optional installation tool).
  3. Unzip the download files onto the server where you will install the certificate.
  4. Copy the End Entity certificate & Intermediate CA certificate to the directory on your server where you keep the private key file generated when the Certificate Signing Request (CSR) was made. The httpd.conf or ssl.conf file will need to be updated.
  5. In the Virtual Host section of the httpd.conf or ssl.conf file, verify that there are the following 3 directives within this Virtual Host.

    Please add the SSL directives if they are not present:

    SSLCertificateFile /usr/local/ssl/crt/public.crt - this is your SSL certificate file (aslo known as End Entity certificate, Public Key certificate, Digital certificate or Identity certificate).

    SSLCertificateKeyFile /usr/local/ssl/private/private.key - this is the private key file generated when you created the Certificate Signing Request (CSR).

    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt - this is the Intermediate CA certificate file (also known as Chained certificate or Signer/issuer of the End Entity certificate).

    Note: Some versions of Apache will not accept the SSLCertificateChainFile directive. Try using SSLCACertificateFile instead.

    For example:

  6. Save your httpd.conf or ssl.conf file and restart Apache. You can most likely do so by using the apachectl script:

    apachectl stop
    apachectl startssl

  7. You should now be set to start using your RapidSSL certificate with your Apache-SSL Server.


Verify Certificate Installation

  1. To verify if your certificate is installed correctly, use the RapidSSL Installation Checker.

     

 

Partner issued certificates - Certificates enrolled on or after November 10, 2017

 

Step 1: Download SSL certificate from User Portal

To download a RapidSSL Certificate from the User Portal, perform the steps bellow:

  1. Visit the RapidSSL User Portal
  2. Provide the Common Name or Order Number, Technical Contact Email Address associated with the certificate order and the Image Number generated from the GeoTrust User Authentication page. 

    Note:  If access is requested using the Common Name there will be a list of order numbers for that domain.  Please select the most recent order.  Any previous orders that are listed can not be used to download the certificate.  If access is requested with an Order Number, an email will be sent to access that order.
     
  3. Select Request Access against the correct order ID.
  4. An email will be sent to the Technical Contact email address specified.
  5. Click on the link listed in the email to enter the User Portal
  6. Click View Certificate Information.
  7. Select the X.509 format from the drop down menu.
  8. Copy the SSL certificate file into the directory that will hold the certificates (e.g., /usr/local/ssl/crt/).


Step 2: Download Intermediate CA certificate

  1. Obtain the Intermediate CA certificate.
  2. Copy the Intermediate CA certificate file into the directory that will hold the certificates (e.g., /usr/local/ssl/crt/).


Step 3: Configure the server

Note: 
Some instances of Apache contain both a httpd.conf and ssl.conf file. Please update the httpd.conf or the ssl.conf with the below directives. Do not enter both as there will be a conflict and Apache may not start.

Apache version 2.4.8 allowed the server certificate to be concatenated with the intermediate.  Please click here for documentation on this alternative installation process.
 

  1. Open the .conf file in a plaintext editor such as VI or Notepad.
  2. In the Virtual Host section of the httpd.conf or ssl.conf file, locate or add the directives below.

    SSLCertificateFile /[path]/[server certificate file]

    SSLCertificateKeyFile /[path]/[private key file]

    SSLCertificateChainFile /[path]/[intermediate certificate file]

    Note: Some versions of Apache will not accept the SSLCertificateChainFile directive. Try using SSLCACertificateFile instead.

  3. The VirtualHosts in the httpd.conf file should be configured as follows:

    <VirtualHost [IP ADDRESS]:443>
    ServerAdmin [admin email address]             
    DocumentRoot /[path]/[to document root]
    ServerName [site address]
    ErrorLog /path/[error log]
    SSLEngine on
    SSLProtocol all
    SSLCertificateFile /[path]/[server certificate file]
    SSLCertificateKeyFile /[path]/[private key file]
    SSLCertificateChainFile /[path]/[intermediate certificate file]
    ServerPath /[path]
    <Directory "/path]">
    </Directory>
    </VirtualHost>
     
  4. Save the httpd.conf or ssl.conf file and restart Apache. This can most likely do so by using the apachectl script: 

    apachectl stop  
    apachectl startssl
     

Verify Certificate Installation

To verify if your certificate is installed correctly, use the RapidSSL Installation Checker.

 


Apache-SSL
 
           For more information, see the Apache Support website.