Support Desk

Install SSL Certificate on Apache 2 Web Server

Download and unzip your certificate files

Download and unzip your SSL certificate files by clicking on the download link in your fulfillment email or from your GeoCerts SSL Manager account. There will be two .crt files.

  1. your_domain_com.crt
  2. CA_Bundle.crt

Copy these files, along with the private key file you created when generating the CSR, to the Apache server directory in which you plan to store your certificates. The location depends on your Linux distro.

SSL directory on Ubuntu/Debian/Gentoo

The correct directory place to store your_domain_com.crt and CA_Bundle.crt  is /etc/ssl/certs
Save your private keys to /etc/ssl/private

SSL directory on CentOS

The correct directory place to store your_domain_com.crt and CA_Bundle.crt  is /etc/pki/tls/certs
Save your private keys to /etc/pki/tls/private

Note: for added security make these files readable by root only.

Locate your Apache VHost configuration file

The location of your Apache config files will vary depending on your Linux distribution's default layout. For Ubuntu with Apache2 the main VHost config file is typically located in /etc/apache2/sites-enabled/your_site_name

Having trouble locating your server's VHost config file? Try one of these commands to point you in the right direction.

apache2ctl -V | grep SERVER_CONFIG_FILE
apachectl -V | grep SERVER_CONFIG_FILE
grep -i -r "SSLCertificateFile" /etc/

Edit your Apache <VirtualHost> config file

Open the Apache config file for editing. Locate the <VirtualHost> container. Below is ano-frills example of a virtual host with three directives in bold that must be configured for SSL.

<VirtualHost 192="" 168="" 0="" 1:443="">
  DocumentRoot /var/www/
  SSLEngine on
  SSLCertificateFile /path/to/your_domain_com.crt
  SSLCertificateKeyFile /path/to/your_private.key
  SSLCertificateChainFile /path/to/CA_Bundle.crt

Adjust file names to match names of your cert files.

  • SSLCertificateFile is your SSL domain server certificate file: your_domain_com.crt
  • SSLCertificateKeyFile is the private key you created when you generated the CSR: private.key
  • SSLCertificateChainFile is the CA intermediate(s) bundle file: CA_Bundle.crt
Note: Some versions of Apache will not accept the SSLCACertificateFile directive. Try using SSLCertificateChainFile instead.

Test your Apache SSL configuration

After making changes to your Apache config file it is good practice to check for syntax errors before restarting. Apache will not start if there are config syntax errors. The command will return Syntax OK if there are no errors.

~$ apachectl configtest
Syntax OK

Restart Apache

You can use apachectl commands to restart Apache with SSL support.

~$ apachectl stop
~$ apachectl start

Verify Installation

  • To verify if your certificate is installed correctly, use our Certificate Installation Checker.
  • Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to, enter into your browser.
  • Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Additional Resources