Installing an SSL certificate onto an Apache webserver

 In Apache

These instructions show you how to install SSL Certificate in your webserver running Apache2.

In order to have a valid certificate for your website, you need to have 3 files stored on your webserver: a key file, a csr (both generated by openssl) file and a pem file (generated by the certificate authority).

1. Use Openssl to generate .csr and .key files

After you decide on one certificate authority you need to:

  • use openssl to generate a key and a csr file. SSH into your webserver and type or open a terminal window on your machine:
openssl req -new -newkey rsa:2048 -nodes -keyout mywebsite.co.uk.key -out mywebsite.co.uk.csr

where ‘mywebsite’ is the name of your website (e.g. google.co.uk)


This command will start generating you a private KEY file (used for the decryption of your SSL Certificate) and a CSR file (used to apply for your SSL Certificate to the certificate authority)

  • You will be prompted for the Common Name (domain name). Enter the fully qualified domain name for the site (e.g. www.mywebsite.co.uk)
  • After this, you will be prompted for other organizational information like geographical position, company name, etc. Fill in the details accordingly.

At this moment if you type ll you’ll see that openssl created two files for you:

-rw-r–r– 1 root root 1123 Oct 30 16:56 mywebsite.co.uk.csr
-rw-r–r– 1 root root 1704 Oct 30 16:56 mywebsite.co.uk.key


Open the CSR file with a text editor:

sudo vim mywebsite.co.uk.csr

Copy and paste all the text inside the file (including the start and the ending tags) into the order form of the certificate authority you’ve chosen. After you fill in all the necessary details and give them the CSR file they will release a PEM file for you.


  •  Create a new directory and use it to keep your certificate files:
mkdir /etc/ssl/certificates
  • Copy your key into the new directory:
cp mywebsite.co.uk.key /etc/ssl/certificates
  • Create a new file in the certificates directory and copy and paste the text from the PEM file released by the certificate authority. You can use your text editor to create the file:
sudo vim mywebsite.co.uk.pem

Replace ‘mywebsite’ with your website name.

Paste the text from the PEM file and save it.

2. Change the website .conf file

Next, you need to tell Apache about this change by adding a block of code in the website .conf file. You can fine your website .conf file in sites-available. If you’re not sure what is the name of your config file, navigate to sites-available:

sudo vim /etc/apache2/sites-available

and type ll to list the files inside this directory. You should see now your website config file (or if you have more than one websites on your webserver you should be able to see all of them):


#> ll
-rw-r--r-- 1 root root 2595 Apr 23 2015 mywebsite.co.uk.conf

Open the file with a text editor:

sudo vim mywebsite.co.uk.conf

and paste this code at the bottom of the file:


#Https
<virtualhost *:443>
ServerName www.mywebsite.co.uk
ServerAlias *.mywebsite.co.uk
ServerAdmin webmaster@localhost
DocumentRoot /var/www/html/mywebsite
#Logging
LogLevel warn
ErrorLog ${APACHE_LOG_DIR}/mywebsite-error.log
CustomLog ${APACHE_LOG_DIR}/mywebsite-access.log combined
# SSL Section
SSLEngine on
# SSLCertificateFile directive is needed.
SSLCertificateFile /etc/ssl/certificates/mywebsite.co.uk.pem
SSLCertificateKeyFile /etc/ssl/certificates/smywebsite.co.uk.key
SSLCertificateChainFile /etc/ssl/certs/GlobalSign_DomainSSL_Root_CA.pem
<directory /var/www/html/mywebsite>
Options -Indexes +FollowSymLinks +MultiViews
AllowOverride All
Require all granted
</directory>
</virtualhost><virtualhost>

Don’t forget to replace ‘mywebsite.co.uk’ with your website name and adjust the DocumentRoot section if necessary.

All done.

Leave a Comment

Contact Us

Call us on: 01332 890460 or Send us an email and we'll get back to you, asap.