Login Signup Buy Now

Toll Free Toll Free: 800-892-7095   Live Chat Live Chat

Install SSL Certificate: Apache 2

If you have not already set up a secure virtual host or would like to learn more about SSL on Apache, refer to Building a Secure RedHat Apache Server How-To by Richard Sigle.

Follow these instructions to install your SSL server certificate.

  1. Your SSL server certificate will be sent to you by email. The email message includes the web server certificate that you purchased in the body of the email message. Copy the certificate from the body of the email and paste it into a simple text editor, such as Notepad.

    Copy Certificate to Notepad
  2. Save the server certificate to the Apache server directory in which you plan to store your certificates.

    Tip: the default directory will be /etc/httpd/conf/ssl.crt/ if you installed Apache using the RPM or /usr/local/apache/conf/ssl.crt/ directory if you installed Apache using the source files. Please note that ssl.crt is a directory, not a file.

  3. Open the Apache httpd.conf file in a text editor.
  4. Locate the SSL VirtualHost container associated with your certificate. Verify that you have the following two directives within this virtual host. Please add them if they are not present:

    If your path is /etc/httpd/conf/...

    SSLCertificateFile /etc/httpd/conf/ssl.crt/domainname.crt (or server.crt)
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domainname.key (or server.key)

    Or, if your path is /usr/local/apache/conf/...

    SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt (or server.crt)
    SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key (or server.key)
  5. Save the changes and exit the editor.
  6. Start or Restart your apache web server using one of the following commands:
    By default:

    /usr/local/apache/bin/apachectl startssl
    or
    /usr/local/apache/bin/apachectl restart

    Other commands:
    /usr/sbin/httpd startssl or restart
    /usr/sbin/httpd startssl or restart

Test Your SSL Certificate

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon Browser padlock will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

CSR Legend

When generating your CSR you will be asked to input a few pieces of info. Below are some common fields with descriptions and examples.

Common Name (CN)

The fully-qualified-domain name for your certificate. Examples include...

  • www.domain.com
  • owa.domain.net
  • secure.domain.ca
  • *.domain.com (for wildcard SSL)

Organization (O)

The exact legal name of your organization. Do not abbreviate your organization's name. Example: Metro Realty LLC or Flowers by Jenny

Organizational Unit (OU)

The section or division of the organization. Example: Sales, Support, Customer Service

City or Locality (L)

The city where your organization is legally located. Cannot be abbreviated. Example: Atlanta

State (S) or Province

The state or province where your organization is legally located. Cannot be abbreviated.. Example: Georgia

Country (C)

The two-letter ISO Country Code abbreviation for your country. Example: US, CA, GB (must be two-letters)

Email

Any email address. This field is arbitrary but must be filled in. GeoTrust will not use this email address to process your order. Example: user@example.com

Key Bit Length

The key bit length has to do with the initial key exchange, not the encryption strength of your certificate. GeoTrust recommends a key bit length of at least 1024.

Our Customers

  (see more)
Our customers

Copyright © 2002-2009 GeoCerts, Inc. Site content monitored & protected by Copy Alerts

* Ten minutes applies to QuickSSL & QuickSSL Premium only. SSL orders flagged by GeoTrust for a manual security audit may take longer than ten minutes.