This article will assist you to import SSL Certificate in Apache Server. We believe that you have already exported the SSL Certificate from existing Apache web server. If not, go through our article How to export an SSL Certificate from Apache server. Exporting an SSL Certificate, you will get .pfx file. You will need to extract all individual certificates and private key from .pfx file using OpenSSL.
- Copy the .pfx file to the destination server.
- Run following OpenSSL command to create a text file with the contents of the .pfx file:
openssl pkcs12 -in [sslCertName.pfx] -nocerts -out [outputFileName.pem] -nodes
sslCertName.pfx == Input file name outputFileName.pem == Output file name - While you issue this command, you will be asked for Import Password. Enter the password you had set while exporting the certificate.
- On success, you will get the message MAC verified OK.
- Now, we need to extract the private key and certificate file from the .pem file. Open outputFileName.pem file in any text editor and copy each key, make separate text file for each certificate including the ----- BEGIN RSA PRIVATE KEY ----- and ----- END RSA PRIVATE KEY ----- lines.
- Move to Apache server configuration file (httpd.conf). The actual directory of this configuration file may be different. Usually, you can locate this file under /etc/httpd/ directory. You can also use following command to find httpd.conf file.
find / -name 'httpd.conf'
- Once you locate httpd.conf file open it in editor and find <VirtualHost> tag in the file.
- If you want your website to be accessible through both protocols (https and http), copy existing <VirtualHost>Â tag and change the port from port 80 to 443 as follows. Following is a basic example of a virtual host configuration for SSL. The parts listed in bold are the parts that must be added for SSL configuration.
<VirtualHost 192.168.3.1:443> DocumentRoot /home/user/mydomain/html ServerName www.yourdomain.com SSLEngine on SSLCertificateFile /path/to/your_domain_name.crt SSLCertificateKeyFile /path/to/your_private.key SSLCACertificateFile /path/to/CA.crt
- Save the changes and exit the editor.
- It is always a good practice to check your Apache config files for any errors when you modify it. Since we have changed settings of Apache Config file, we will test for the errors. Issue following command to check errors.
apachectl configtest
- If apache configuration file has no errors, you will get Syntax OK message. If you get error like -bash: apachectl: command not found, you need to find apachectl file first. To find this file, run the following command.
find / -name 'apachectl'
- As an output of this command, you will get a full path of the apachectl file. Copy this file path, place configtest after the path and run this command as follows. Once you receive Syntax OK message, restart the Apache web server.
- Restart apache web server using following commands.
apachectl stop
apachectl start - SSL Certificate is now successfully imported into Apache server. To test this, browse your website with the https protocol. You will see padlock icon before the URL in the browser address bar. This shows that your certificate is installed and configured properly.
Â
- These steps are performed on CentOS 5.6. For other Linux based distributions, it may vary.
- These steps can only be performed if you have root access to your Linux VPS/Dedicated Server.
