Installing the certificate on the Apache HTTP server
- Tutorial
This article offers step-by-step instructions for installing a certificate on an Apache HTTP server. Please note that since version 2.4.8 Apache server configuration settings have been changed.
1. Copy the certificate files to your server.
You need to copy the following files to the server: a server certificate, a private (private) key and an intermediate certificate corresponding to the type of your server certificate.
The server certificate was sent to you by email after its release in GlobalSign. You can also receive it in your GlobalSign account by clicking on the
“ Edit ” button to the left of the order number and copying the certificate in PEM format .
The private key for the certificate is created along with the certificate request (CSR), so the private key file may already be on your server. If the private key is lost, the certificate must be reissued.
An intermediate certificate that will need to be installed on the server depends on the type of your certificate. It is the presence of an intermediate certificate in the chain that allows you to associate your certificate with the root (root) certificate of GlobalSign and make the chain trusted. Download one or more intermediate certificates , according to the type of your certificate, from the link below:
support.globalsign.com/customer/portal/topics/538410-root-certificates/articles
2. Open the Apache configuration file for editing.
Depending on the type of operating system, the path to the configuration
file directory may be different:
CentOS / RedHat:
/etc/httpd/httpd.conf
/etc/httpd/sites-enabled/name-of-virtualhost.conf Debian / Ubuntu:
/etc/apache2/apache2.conf
/etc/apache2/sites-enabled/name-of-virtualhost.confMore information about the path to find the configuration file can be found at the link below:
https://wiki.apache.org/httpd/DistrosDefaultLayout
3. Configure a virtual host for the certificate to work.
Find the VirtualHost section and add (or edit, if they already exist) the following directives, indicating the actual paths to the certificate and key files:
<VirtualHost xxx.xxx.x.x:443>DocumentRoot /var/www/examplesite
ServerName example.com www.example.com
SSLEngineonSSLCertificateFile /path/to/examplesite.crt
SSLCertificateKeyFile /path/to/privatekey.key
SSLCertificateChainFile /path/to/intermediate.crt
</VirtualHost>Make sure that the paths SSLCertificateFile, SSLCertificateKeyFile, SSLCertificateChainFile are correct, each of them should point to the corresponding file.
Note: Starting with Apache 2.4.8, instead of using the SSLCertificateChainFile directive, you should use the SSLCertificateFile directive, which has been extended to support intermediate certificates. Adding an intermediate certificate to the end of the server's certificate file will create the necessary trusted chain.
4. Test the generated server configuration.
Depending on the operating system, run the command:
apachectl configtest or
apache2ctl configtestRunning the command will detect server configuration errors, such as a mismatch between the private key and the certificate or the wrong path to the configuration file.
5. Restart the Apache server.
For older versions of the Red Hat Enterprise Linux distribution, use the following scripts:
CentOS / RedHat:
service httpd restartDebian / Ubuntu:
service apache2 restartFor Red Hat Linux 7 or CentOS 7.0 distributions, use the following commands:
CentOS / RedHat:
systemctl restart httpd.serviceDebian / Ubuntu:
systemctl restart apache2.serviceNote: Some Apache configurations may display the SSLCACertificateFile directive.
This field is required only if the Apache server is used to authenticate the client.
The SSLCACertificateFile directive will point to a certificate authority center or certificate directory, which in turn serves to issue certificates that you accept for client authentication.
If you have any questions about installing the GlobalSign certificate on the Apache HTTP server, please contact GlobalSign Russia support service : support@globalsign.com, phone: +7 (499) 678 2210