Install an SSL certificate on Linux

It’s important to use SSL any time sensitive data is involved such as personal information, and authentication credentials such as passwords.
Your Linux system should be:

  • running Ubuntu or RHEL
  • accessible over the internet
  • using a valid DNS entry that points to your Linux system

  1. Copy the SSL certificate provided by your certification provider and SSL private key file to the apache directory. The certificate file is renamed as server.crt and private key file is renamed as server.key

    etcssl=/etc/apache2/ssl # for Ubuntu
    etcssl=/etc/httpd/ssl   # for RHEL
    sudo mkdir -p $etcssl
    sudo cp server.crt $etcssl
    sudo cp server.key $etcssl
  2. If your signed certificate needs a certificate chain file containing all the intermediate certificates, then you need to install the certificate chain file as well.

    sudo echo >> $etcssl/server.crt
    sudo cat server-ca.crt >> $etcssl/server.crt
  3. Modify your webserver configuration. ServerName must match the server name in the SSL certificate.

    Ubuntu 22.04 or higher: Add this code to /etc/apache2/sites-enabled/000-default-conf

    Ubuntu 22.04 or higher
    <VirtualHost *:443>
    # Admin email, Server Name (domain name) and any aliases
     ServerAdmin support@xyz.com
     ServerName server1.xyz.com
    # Index file and Document Root (where the public files are located)
     DirectoryIndex index.php
    DocumentRoot /var/www/html
     <Directory /var/www/html>
     Options Indexes FollowSymLinks MultiViews
     AllowOverride All
     Order allow,deny
     allow from all
     </Directory>
    
     ErrorLog ${APACHE_LOG_DIR}/error.log
    # Possible values include: debug, info, notice, warn, error, crit,
     # alert, emerg.
     LogLevel warn
     CustomLog ${APACHE_LOG_DIR}/access.log combined
    
     SSLEngine On
     SSLCertificateFile /etc/apache2/ssl/server.crt
     SSLCertificateKeyFile /etc/apache2/ssl/server.key
     
    </VirtualHost>


    RHEL 9.0 or higher: Replace the SSLCertificateFile and SSLCertificateKeyFile lines in /etc/httpd/conf.d/ssl.conf with the following:

    RHEL 9.0 or higher
    SSLCertificateFile /etc/httpd/ssl/server.crt
    SSLCertificateKeyFile /etc/httpd/ssl/server.key
  4. Restart Apache.

    sudo systemctl restart apache2 # for Ubuntu
    sudo systemctl restart httpd   # for RHEL