Certificate Installation: Apache & mod_ssl
apache apache apache apache apache apache apache apache apache apache apache apache

Installing your Certificate on Apache with mod_ssl

    1. Extract all of the contents of the ZIP file that was sent to you and copy/move them to your server. The extracted contents will typically be named: yourDomainName.crt and

  1. Move all of the certificate related files to their appropriate directories.

    A typical setup:

      1. Move the Private Key that was generated earlier to the ssl.key directory, which is typically found in /etc/ssl/. This must be a directory which only Apache can access.

    1. Move the yourDomainName.crt and to the ssl.crt directory, which is typically found in the /etc/ssl/ directory.
  2. Edit the file that contains the SSL configuration with your favorite text editor.
    Examples: nano, vi, pico, emacs, mousepad, notepad, notepad++, etc.

    Note: The location of this file may vary from each distribution. It will be referenced in the Apache global configuration file. Look for the lines starting with include.

  3. Apache Configuration File:

    1. Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf
    2. Debian and Debian based: /etc/apache2/apache2.conf

    SSL Configuration File:

    Some possible names:

    1. httpd-ssl.conf
    2. ssl.conf
    3. In the /etc/apache2/sites-enabled/ directory.

    Note: If need be please consult your distribution's documentation on Apache and SSL or navigate to the Apache Foundation's Apache2 Documentation.

  4. In the VirtualHost section of the file please add these directives if they do not exist. It is best to comment out what is already there and add the below entries.

    1. SSLEngine on
    2. SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    3. SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
    4. SSLCertificateChainFile /etc/ssl/ssl.crt/ ***

  5. Apache 1.3.x:
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
    SSLCACertificateFile /etc/ssl/ssl.crt/
    Apache 2.x:
    SSLEngine on
    SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
    SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
    SSLCertificateChainFile /etc/ssl/ssl.crt/
  6. Save your config file and restart the Apache service. It is sometimes required to 'stop' then 'start' Apache, instead of issuing the 'restart' command for the changes to take effect.


If you have chosen to have a password on your private key, you will be prompted to enter it each time Apache is started or restarted. Apache will not fully start until the password is entered.

The configuration file is often called httpd.conf or apache.conf, although sometimes the SSL-specific section is placed in a separate file called ssl.conf and linked from the main configuration by an 'Include' command. Sometimes, theVirtualHost section will be in a specific file for that site, in a sub-directory often labelled sites-enabled/.

Much of the layout of Apache's configuration files and directory naming conventions is controlled by the distribution of OS you are using. It is recommended that you look at the distribution's own site and documentation to confirm the locations.


Related Articles

  1. SSL/TLS Strong Encryption: How-To -- Apache HTTP Server
  2. Which is Root? Which is Intermediate?
  3. How do I make my own bundle file (CA Certificate) from CRT files?

Comments (3)
Amit Gaur
November 01 2016 04:49
Can your team install it> I am not able to do that.

Andy Jordaan
November 22 2016 18:47
I agree nobody has put any effort whatsoever into these guides, like vague ramblings
March 28 2017 00:19
I have followed these guides to the letter and they do work for the certificate you have bought but in following these guides any websites you have that do not require or use https appear to be included in this certificate.
Those other web sites then do not work as the path to them is by default https
Help Desk Software by Kayako
© 2018 Comodo Security Solutions, Inc. All rights reserved.