Installing an SSL Certificate on Apache




Once a certificate and key have been purchased and generated, you will need to upload the files to your server.

If FTP is enabled on the server I would recommend Filezilla or CyberDuck FTP Clients to upload your files.

Once the files are uploaded, SSH into the server and sudo mv the files into the /etc/ssl/ directory.

Next, setup your virtual host for port 443. Before you get started, make sure your server has an SSL Engine. If not, you may need to install mod_ssl. To run the mod_ssl install command use the following code:

yum install mod_ssl

Now you will be able to setup the virtual host by configuring the Apache mod_ssl module. On a standard install, the file may be located at /etc/httpd/conf.d/ssl.conf.

The default file will have a number of instructions interspersed between lines of code. The most important lines of code will need to be edited with your server and sites information. See below: (be sure to remove quote marks when entering your information)

SSLEngine on
SSLCertificateFile "/etc/ssl/signed certificate"
SSLCertificateChainFile "/etc/ssl/intermediate_certificate"
SSLCertificateKeyFile "/etc/ssl/private/key"

# Uncomment the following directive when using client certificate authentication
#SSLCACertificateFile /path/to/ca_certs_for_client_authentication


Test your Apache configuration using the following command:

apachectl configtest

If no errors have occurred, restart Apache to complete the SSL configuration. Use the following command:

apachectl stop
apachectl start

Your website will now have a green padlock when using the HTTPS protocol. To redirect all non secure traffic automatically to HTTPS, edit your site’s non-secure port 80 Virtual Host.

On a standard install, this file would be found in /etc/httpd/. Edit the virtual host using the following (be sure to remove quote marks):

ServerName "Site's url (don't include protocol) ex:"
DocumentRoot "Site files directory ex: /var/www/html/site"
Redirect permanent /secure "Site's url with new secure protocol"

Restart Apache and you’re all set.