How to Import SSL Certificate in Apache Server? Print

  • 5

This article will assist you in importing an SSL Certificate in Apache Server. We believe you have already exported the SSL Certificate from the existing Apache web server. If not, go through our article How to export an SSL Certificate from an Apache server. Exporting an SSL Certificate, you will get .pfx file. You will need to extract all individual certificates and private key from the .pfx file using OpenSSL.

1. Copy the .pfx file to the destination server.

2. Run the following OpenSSL command to create a text file with the contents of the .pfx file:

openssl pkcs12 -in [sslCertName.pfx] -nocerts -out [outputFileName.pem] -nodes

sslCertName.pfx == Input file name outputFileName.pem == Output file name

3. While you issue this command, you will be asked for Import Password. Enter the password you had set while exporting the certificate.

4. On success, you will get the message MAC verified OK.

MAC Verification
5. Now, we need to extract the private key and certificate file from the .pem file. Open outputFileName.pem file in any text editor and copy each key, make separate text file for each certificate including the -----BEGIN RSA PRIVATE KEY ----- and ----- END RSA PRIVATE KEY ----- lines.

6. Move to the Apache server configuration file (httpd.conf). The actual directory of this configuration file may be different. Usually, you can locate this file under /etc/httpd/ directory. You can also use the following command to find httpd.conf file.

find / -name 'httpd.conf'

7. Once you locate httpd.conf file open it in the editor and find the <VirtualHost> tag in the file.

8. If you want your website to be accessible through both protocols (https and http), copy the existing <VirtualHost> tag and change the port from port 80 to 443 as follows. Following is a basic example of a virtual host configuration for SSL. The parts listed in bold are the parts that must be added for SSL configuration.

<VirtualHost 192.168.3.1:443>
DocumentRoot /home/user/mydomain/html
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/your_domain_name.crt
SSLCertificateKeyFile /path/to/your_private.key
SSLCACertificateFile /path/to/CA.crt

9. Save the changes and exit the editor.

10. It is always a good practice to check your Apache config files for any errors when you modify them. Since we have changed the settings of the Apache Config file, we will test for the errors. Issue the following command to check errors.

apachectl configtest

11. If the apache configuration file has no errors, you will get a Syntax OK message. If you get errors like -bash: apachectl: command not found, you need to find the apachectl file first. To find this file, run the following command.

find / -name 'apachectl' 

12. As an output of this command, you will get a full path of the apachectl file. Copy this file path, place configtest after the path and run this command as follows. Once you receive the Syntax OK message, restart the Apache web server.

Checking Errors in Apache Config File
13. Restart the apache web server using the following commands.

apachectl stop 
apachectl start

14. SSL Certificate is now successfully imported into the Apache server. To test this, browse your website with the https protocol. You will see the padlock icon before the URL in the browser address bar. This shows that your certificate is installed and configured properly.
 Website with SSL/HTTPS

Notes:

  • These steps are performed on CentOS 5.6. For other Linux-based distributions, it may vary.
  • These steps can only be performed if you have root access to your Linux VPS/Dedicated Server.


Was this answer helpful?

« Back

chat