How To install SSL Certificate on Apache in Linux Server

Introduction

Secure Socket Layer (SSL) certificates ensure that data between the server and client browsers remains private. This guide will walk you through the process of setting up an SSL certificate on an Apache server for both CentOS/RHEL and Ubuntu systems.

Prerequisites

  • A CentOS/RHEL or Ubuntu-based system.

  • Root or sudo access to the server.

  • An SSL certificate and private key.

Step-by-Step Guide

1. Copy the Certificate Files to Your Server

Before you begin the installation process, you'll need to have your SSL Certificate and Private Key ready. These files are typically provided by your SSL provider.

  • Action: Download your SSL Certificate and Private Key from your SSL provider.

  • Action: Transfer them to your server.

For CentOS/RHEL:

Create a directory for SSL files

mkdir -p /etc/ssl/private

For Ubuntu:

Create a directory for SSL files
sudo mkdir -p /etc/apache2/ssl

  • Note: Ensure these files are secure. They should be readable by root only.

2. Install Mod SSL and Apache

  • For CentOS/RHEL:

yum -y install httpd mod_ssl
sudo systemctl enable httpd.service
systemctl start httpd.service

  • For Ubuntu:

sudo apt update
sudo apt install apache2
sudo a2enmod ssl
sudo systemctl restart apache2

3. Set Up the Certificate

For CentOS/RHEL:

  • Navigate to /etc/ssl/private and set permissions:

chmod 700 /etc/ssl/private

  • Open the SSL configuration file:

sudo vi /etc/httpd/conf.d/ssl.conf

  • Set Up the Certificate

Once you've placed your certificate and private key in the appropriate directory, you'll need to configure Apache to use them.

Action: Locate and modify the following lines to point to your certificate and private key files:

SSLCertificateFile /etc/ssl/private/your_domain_name.crt
SSLCertificateKeyFile /etc/ssl/private/your_private_key.key

Note: Replace "your_domain_name.crt" with the name of your certificate file and "your_private_key.key" with the name of your private key file.

For Ubuntu:

  • Navigate to /etc/apache2/ssl and set permissions:

sudo chmod 700 /etc/apache2/ssl

  • Open the default SSL configuration file:

sudo nano /etc/apache2/sites-available/default-ssl.conf

For both systems, locate and modify the lines to point to your certificate and private key files.

Modify the Directives:

Replace the paths with the paths to your actual certificate and private key:

SSLCertificateFile      /etc/apache2/ssl/your_domain_name.crt

SSLCertificateKeyFile /etc/apache2/ssl/your_private_key.key

Save and Close:
After making the changes, save and close the file.

Enable the Default SSL Site:
If it's not already enabled, you can enable the default SSL site using:

sudo a2ensite default-ssl

Reload Apache:
Finally, to apply the changes, reload Apache:

sudo systemctl reload apache2

This will ensure that Apache uses the specified SSL certificate and private key for secure connections.

4. Redirect to HTTPS

For CentOS/RHEL:

  • Open the main Apache configuration file:

sudo vi /etc/httpd/conf/httpd.conf

For Ubuntu:

  • Open the default Apache configuration file:

sudo nano /etc/apache2/sites-available/000-default.conf

For both systems, add the following lines to redirect traffic:

 

    ServerName www.yourdomain.com

    Redirect "/" "https://www.yourdomain.com/"

 

Replace www.yourdomain.com with your actual domain name.

5. Test and Restart Apache

For CentOS/RHEL:
apachectl configtest
systemctl restart httpd

For Ubuntu:
sudo apache2ctl configtest
sudo systemctl restart apache2

Conclusion

Your Apache server, whether on CentOS/RHEL or Ubuntu, is now configured to use SSL, ensuring secure connections for your visitors. Always remember to renew your SSL certificate before it expires to maintain a secure environment.


Was this article helpful?

mood_bad Dislike 0
mood Like 0
visibility Views: 1040