Knowledge Base

Generating CSR and Installing SSL Certificate on Apache Server

Updated on January 3, 2025

Guide: Generating CSR and Installing SSL Certificate on Apache

This knowledge base document provides a comprehensive guide for generating a Certificate Signing Request (CSR) and installing an SSL certificate on an Apache server.

The process is divided into two main parts: CSR generation and SSL certificate installation.

Part 1: Generating a CSR and Private Key

Step 1:

There are two options:

Generate the CSR automatically using a CSR Generator like https://csrgenerator.com/.
Follow our step-by-step tutorial below on how to create the CSR on Apache.

URL Name Generating-a-CSR-on-Apache-A-Step-by-Step-Guide

Article Number 000009727

Step 2: Generate the Private Key and CSR

Using above options, to generate both the private key and CSR

You'll be prompted to enter various details for your certificate. Fill in the required information accurately.

Step 3: Retrieve the CSR

Once completed, you can view and retrieve your CSR file:

Step 4: Submit CSR to CA (Certificate Authority)

Copy the entire output, including the BEGIN and END tags, and submit it to your chosen Certificate Authority (CA).

Part 2: Installing SSL Certificate on Apache

Step 1: Prepare Certificate Files

Download and extract the following files from the zip folder provided by your CA:

Primary SSL certificate (.crt file)
CA bundle file (.ca-bundle file)

If your CA bundle certificates are in separate files, combine them into a single file:

cat IntermediateCertificate1.crt IntermediateCertificate2.crt RootCertificate.crt >> bundle.crt

Step 2: Locate Apache Configuration File

Find the appropriate Apache configuration file. Common locations include:

/etc/httpd/conf/httpd.conf
/etc/apache2/apache2.conf
/etc/httpd/conf.d/ssl.conf

Step 3: Configure Virtual Host

Back up your current configuration file:

cp /path/to/your/apache.conf /path/to/your/apache.conf_backup

Edit the Virtual Host section in your configuration file:

<VirtualHost *:443>
    ServerAdmin [email protected]
    DocumentRoot /var/www/
    ServerName www.yourdomain.com
    ErrorLog /path/to/error_log
    SSLEngine on
    SSLCertificateFile /etc/ssl/yourdomain.crt
    SSLCertificateKeyFile /etc/ssl/yourdomain.key
    SSLCertificateChainFile /etc/ssl/yourdomain.ca-bundle
</VirtualHost>

Ensure all directives are uncommented (no '#' at the start of the line).

Step 4: Save and Restart Apache

Save the configuration file and restart Apache:

apachectl restart

If Apache fails to restart, revert to the backup configuration and troubleshoot the issue.

Step 5: Test SSL Installation

Use online SSL checking tools to verify your installation and identify any potential issues or vulnerabilities.

https://www.ssllabs.com/ssltest/

https://www.sslshopper.com/csr-decoder.html

By following these steps, you can successfully generate a CSR and install an SSL certificate on your Apache server, ensuring secure communication for your website.