Install an SSL certificate on Linux
It’s important to use SSL any time sensitive data is involved such as personal information, and authentication credentials such as passwords.
Your Linux system should be:
- running Ubuntu or RHEL
- accessible over the internet
- using a valid DNS entry that points to your Linux system
Copy the SSL certificate provided by your certification provider and SSL private key file to the apache directory. The certificate file is renamed as server.crt and private key file is renamed as server.key
etcssl=/etc/apache2/ssl # for Ubuntu etcssl=/etc/httpd/ssl # for RHEL sudo mkdir -p $etcssl sudo cp server.crt $etcssl sudo cp server.key $etcssl
If your signed certificate needs a certificate chain file containing all the intermediate certificates, then you need to install the certificate chain file as well.
sudo echo >> $etcssl/server.crt sudo cat server-ca.crt >> $etcssl/server.crt
Modify your webserver configuration. ServerName must match the server name in the SSL certificate.
Ubuntu 22.04 or higher: Add this code to /etc/apache2/sites-enabled/000-default-confUbuntu 22.04 or higher<VirtualHost *:443> # Admin email, Server Name (domain name) and any aliases ServerAdmin support@xyz.com ServerName server1.xyz.com # Index file and Document Root (where the public files are located) DirectoryIndex index.php DocumentRoot /var/www/html <Directory /var/www/html> Options Indexes FollowSymLinks MultiViews AllowOverride All Order allow,deny allow from all </Directory> ErrorLog ${APACHE_LOG_DIR}/error.log # Possible values include: debug, info, notice, warn, error, crit, # alert, emerg. LogLevel warn CustomLog ${APACHE_LOG_DIR}/access.log combined SSLEngine On SSLCertificateFile /etc/apache2/ssl/server.crt SSLCertificateKeyFile /etc/apache2/ssl/server.key </VirtualHost>
RHEL 9.0 or higher: Replace the SSLCertificateFile and SSLCertificateKeyFile lines in /etc/httpd/conf.d/ssl.conf with the following:RHEL 9.0 or higherSSLCertificateFile /etc/httpd/ssl/server.crt SSLCertificateKeyFile /etc/httpd/ssl/server.key
Restart Apache.
sudo systemctl restart apache2 # for Ubuntu sudo systemctl restart httpd # for RHEL