PhenixID

PSD1078 – Add SSL certificate to Apache

Environment

Apache HTTP server on Linux or Windows

Situation

You have installed and configured an Apache HTTP server and like to add a certificate to support HTTPS.
Note: If you like to create a self-signed certificate for testing purpose, please read PSD1052

Configure on Linux

Prerequisite

You have installed and configured Apache HTTP server on Linux

Apache module

Enable SSL module:
sudo a2enmod ssl

Add SSL certificate to Apache on Linux

After default installation of Apache HTTP is used for communication.
We will now change this and use configuration for HTTPS instead.
The example below is for Ubuntu but will be similar on other distributions.

The configuration for the URL:s that should be proxied is done in the configuration file used for http/https, normally located (or linked) in  the folder /sites-enabled.
We will use the file default-ssl.conf.

In this file find the lines:
SSLCertificateFile – The file containing your certificate
SSLCertificateKeyFile – The file conatining the key used to generate the csr
SSLCertificateChainFile – The intermediate certificate from CA used to create your certificate

Now configure them so they point to your files, for example:
SSLCertificateFile /etc/apache2/certs/my.crt
SSLCertificateKeyFile /etc/apache2/certs/my.key
SSLCertificateChainFile /etc/apache2/certs/intermediate.crt

Restart Apache service after the changes.

Configure on Windows

Prerequisite

You have installed and configured Apache HTTP server on Windows

Add SSL certificate to Windows

  1. Open httpd-ssl.conf (located in /conf/extra/ folder)
  2. Find line SSLCertificateFile
    1. For example:
      SSLCertificateFile “C:/OpenSSL-Win64/bin/my.crt”
    2. Make sure to remove #
  3. Find line SSLCertificateKeyFile
    1. For example:
      SSLCertificateKeyFile “C:/OpenSSL-Win64/bin/my.key”
    2. Make sure to remove #
  4. Find line SSLCertificateChainFile
    This parameter is optional. Should NOT be used if no intermediate CA certificate is used or if your certificate is self-signed.

    1. For example:
      SSLCertificateChainFile “c:/Apache24/conf/server-ca.crt”
    2. Make sure to remove #
  5. Save httpd-ssl.conf and restart Apache HTTP server
DISCLAIMER
Information provided in this document is for your information only. PhenixID makes no explicit or implied claims to the validity of this information. Any trademarks referenced in this document are the property of their respective owners.

The origin of this information may be internal or external to PhenixID. PhenixID makes all reasonable efforts to verify this information.

PhenixID - support.phenixid.se