Make sure you have all the following files saved before proceeding:
- Your Server Certificate - This is the certificate you received from the CA for your domain. You may have been sent this via email. If not, you can download it by visiting your Account Dashboard and clicking on your order.
- Intermediate Certificates - These files allow the devices connecting to your server to identify the issuing CA. There may be more than one of these certificates. If you got your certificate in a ZIP folder, it should also contain the Intermediate certificate(s), which is sometimes referred to as a CA Bundle.
Your Private Key - This file should be on your server, or in your possession if you generated your CSR from a free generator tool. On certain platforms, such as Microsoft IIS, the private key is not immediately visible to you but the server is keeping track of it.
Note: The above files should be saved to the server directory where all certificate/key files are stored.
Locate the apache config file to edit. The main config file is typically called httpd.conf or apache2.conf and located via /etc/httpd or /etc/apache2/.
Note: The SSL config file can be in a <VirtualHost> block in another config file. You can always search for the SSL conf file on Linux distributions using this grep command: grep -i -r "SSLCertificateFile" /etc/httpd/
Configure the httpd.conf file and enter the following commands on your VirtualHost to successfully enable SSL:
<VirtualHost 209.123.546.123:443> – other config details- SSLEngine on SSLCertificateFile /etc/httpd/conf/ssl.crt/yourdomain.crt SSLCertificateKeyFile /etc/httpd/conf/ssl.key/yourdomain.key SSLCertificateIntermediateFile /etc.httpd/conf/intermediate.crt </VirtualHost>
Note: If you need the site to load via https and http, create another virtual host for http. You can simply copy the existing config file before making any during this step.
Test your new config file by running the following command:
If successfully tested, restart Apache by running the following commands:
apachectl stop systemctl stop httpd
apachectl start OR systemctl start httpd
Note: You may be asked to enter the password you generated with your RSA key. If you do not want to be asked for a password, you will need to re-generate your RSA key file.
Congratulations! You've successfully installed your SSL certificate! To check your work, visit the website in your browser at https://yourdomain.tld and view the certificate/site information to see if HTTPS/SSL is working properly. Remember, you may need to restart your server for changes to take effect.