How to Install an SSL Certificate on Apache that run Ubuntu?

This guide explains installing an SSL certificate on an Apache 2 server. It covers steps such as downloading and uploading the certificate file, configuring the necessary parameters on the Apache 2 server, and verifying the installation. Key parameters include the certificate file, certificate chain, and certificate key. Once the SSL certificate is installed, the Apache 2 server can be accessed via HTTPS, providing secure data transmission.

Prerequisites

• SSL Certificate
• Apache server

Steps to install SSL Certificate on Apache server

Step 1: Download the certificate

• Log on to the Certificate Management Service console.
• In the left-side navigation pane, click SSL Certificates.
• On the SSL Certificates page, find the certificate that you want to manage and click Download in the Actions column.
• Find Apache in the Server Type column and click Download in the Actions column.
  

• CSR Generation parameters that you use when you submit the certificate application.

When set to Automatic:

• Certificate file in CRT format: The default file name is based on the domain name bound to the certificate, suffixed with `_public.crt`. This file contains the certificate encoded in Base64.
• Certificate chain file in CRT format: By default, named similarly to the certificate file, suffixed with `_chain.crt`.
• Private key file in KEY format: Defaults to the domain name bound to the certificate, in `.key` format.

When set to Manual:

• If you use a CSR generated through the Certificate Management Service console, the extracted certificate file from the package matches the one obtained automatically.
• If the CSR isn't created via the Certificate Management Service console, only the PEM certificate file can be extracted from the package. The password or private key files cannot be extracted directly. A certificate toolkit is recommended for converting these files into the required formats.

Step 2: Install the certificate on the Apache 2 server

• Run the following command to create a directory named ssl in the installation directory of Apache 2.

mkdir /etc/apache2/ssl

• Upload the certificate file and private key file to the certificate directory /etc/apache2/ssl of the Apache 2 server.
• Run the following command to enable the SSL module:

sudo a2enmod ssl

• After you enable the SSL module, the SSL configuration file default-ssl.conf is generated in the /etc/apache2/sites-available directory.

Note: The default-ssl.conf file may be stored in the

 `/etc/apache2/sites-available` or `/etc/apache2/sites-enabled` directory.

• The sites-available directory stores the configuration files of available virtual hosts.The sites-enabled directory stores the configuration files of enabled virtual hosts
• After you enable the SSL module, HTTPS port 443 is automatically enabled. If port 443 is not automatically enabled, you can add Listen 443 to the /etc/apache2/ports.conf configuration file to enable port 443.
• Modify certificate-related settings in the default-ssl.conf configuration file.

(a) Run the following command to open the default-ssl.conf file:

vim /etc/apache2/sites-available/default-ssl.conf

(b) Find the following parameters in the default-ssl.conf configuration file and modify the settings based on the following comments:

ServerName example.com  # Replace example.com with the domain name that you bind to the certificate.
 If the configuration file of your server does not contain this parameter, you must manually add this parameter. 
SSLCertificateFile /etc/apache2/ssl/domain_name_public.crt  # Specify the path to your certificate file.  
SSLCertificateKeyFile /etc/apache2/ssl/domain_name.key   # Specify the path to your private key file.  
SSLCertificateChainFile /etc/apache2/ssl/domain_name_chain.crt  # Specify the path to your certificate chain file. 

• Command to map the default-ssl.conf configuration file to the /etc/apache2/sites-enabled directory to realize automatic association between the configuration file and the directory.

sudo ln -s /etc/apache2/sites-available/default-ssl.conf /etc/apache2/sites-enabled/001-ssl.conf

• Run the following command to reload the Apache 2 configuration file:

sudo /etc/init.d/apache2 force-reload

• Run the following command to restart the Apache 2 service:

sudo /etc/init.d/apache2 restart

Step 3: Check whether the certificate is installed

• After you install a certificate, you can access the domain name that is bound to the certificate to verify whether the certificate is installed.

https://yourdomain   # Replace yourdomain with the domain name that is bound to your certificate.

• If a lock icon appears in the address bar, the certificate is installed.