Install SSL Certificate: Apache

Download and copy your certificate files to your server

Download your SSL certificate and support files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. Unzip the files and copy them into the directory where you will keep your certificates. Some files in the zip may or may not be used depending on your server type.

Rename all the files in the zip from a .txt extension to .crt extension (not all files will be used).

1. Install GeoTrust CA Bundle

1. Save the GeoTrust CA Bundle (GeoTrust_CA_Bundle.crt) to your server. The GeoTrust CA Bundle contains all the necessary intermediates and root bundled into a single file. This file can be placed in the same directory as your SSL server certificate such as /usr/local/ssl/crt (yours may be different).

2. Install the SSL Server Certificate

1. Save the server certificate (your_domain_com.crt) to the Apache server directory in which you plan to store your certificates, such as /usr/local/ssl/crt (yours may be different).

3. Configure the Server

1. Open the Apache httpd.conf file in a text editor.

   How to find your httpd.conf file: use the following command to figure out where Apache is pulling its configuration from:
   apache2ctl -V | grep SERVER_CONFIG_FILE
   or just
   apachectl -V | grep SERVER_CONFIG_FILE

2. Locate the SSL VirtualHost container associated with your certificate. Verify that you have the following three directives within this virtual host. Please add them if they are not present.
   

   Locate the <VirtualHost> node in your httpd.conf file. You should have three directives.

       <VirtualHost 172.18.116.42:443>
         DocumentRoot /etc/httpd/htdocs
         ServerName secure.somewhere.com
         SSLEngine on
         SSLCertificateFile /usr/local/ssl/crt/your_domain_com.crt
         SSLCertificateKeyFile /usr/local/ssl/private/private.key
         SSLCACertificateFile /usr/local/ssl/crt/GeoTrust_CA_Bundle.crt
       </VirtualHost>

   The first directive tells Apache how to find the server certificate file, the second one where the private key is located, and the third line the location of the GeoTrust CA Bundle.

   Some versions of Apache will not accept the SSLCACertificateFile directive. Try using SSLCertificateChainFile instead.

   If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.

   Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.

3. Save the changes and exit the editor.
4. After making changes to your config file it is good practice to check the file for syntax errors using apachectl configtest. The command will return Syntax Ok if there are no errors.
5. Restart your apache web server:
   apachectl stop
apachectl start
   

Verify Installation

To verify if your certificate is installed correctly, use our Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.