Steps to Install SSL Certificate on Apache Web Server

SSL stands for Secure Socket Layer.

Secure Socket Layer (SSL) technology allows web browsers and web servers to communicate over a secure connection.

What is a Certificate?

A certificate is a digitally-signed statement from one entity (person, company,

etc.), saying that the public key (and some other information) of some other

entity has a particular value. So in a sense, it is like digital version of your ID

card such as driver’s license.

A certificate is cryptographically signed and is practically impossible for anyone else to forge

A certificate can be purchased from (signed by) a well-known CA (Certificate Authority) like Verisign.

If you are looking for information, visit the article exclusively for Secure Socket Layer (SSL).

For now lets get on with our installation.

Step 1: Save SSL Certificate Files

• After payment and document verification process your will receive certificate files (server certificate, root certificate and intermediate certificate) via email. Store these all files on your apache server directory.

Step 2: Download CA bundle Files

• For Example – The location on SSL key file is /etc/ssl/ssl.keyand the location of the Server Certificate and CA-Bundle Files is – /etc/ssl/ssl.crt)
• CA-bundles are required to install SSL Certificate. CA-Bundle files could be different based on the type of your SSL certificate (Either Domain, Organization or Extended Validation SSL certificate). Visit your SSL Certificate authority website for CA bundle files.

Step 3: SSL Configuration file (HTTPD.CNF) modification

• Open the cnffile using any text editor (E.G Notepad).
• In the virtual hostsection add following lines to add information about the domain which you wish to secure using SSL certificate.
• SSLEngineon
• SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
• SSLCertificateFile /etc/ssl/ssl.crt/domain.crt
• SSLCertificateChainFile/etc/ssl/ssl.crt/domain.ca-bundle

• For older apache version use SSLCACertificateFileinstead of SSLCertificateChainFile.
• SSLProtocol all
• SSLHonorCipherOrderOn (Ciphers use order in server)
• SSLCipherSuite
• ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS (To set up the priority to the strong ciphers & also disabling the weak ciphers as well.)
• Save the cnf

• Restart your Apache Server.
• You can also apply following commands to restart Apache
• /usr/local/apache/bin/apachectl startssl
• /usr/local/apache/bin/apachectl restart
• Your SSL Certificate is now installed on your Apache.
• Note: File names such as server.key, domain.crt, and domain.ca-bundle are used for illustration purpose only. You have to use your own certificate file names.