This article will go into detail on how to install certificates on Apache 2.4.8
Prerequisites:
Concatenate the CAbundle and the certificate file which we sent you using the following command.
<strong>> cat domain_com.crt domain_com.ca-bundle > ssl-bundle.crt</strong>
If you are Using GUI Text Editor (Ex: Notepad):
(i) To concatenate the certificate files into single bundle file, first open domainname.crt and domainname.ca-bundle files using any text editor.
(ii) Now copy all the content of domainname.crt and paste it on the top of domainname.ca-bundle file.
(iii) Now save the file name as "ssl-bundle.crt".
Under Linux, to check the version number of your Apache server, execute the following command: #apache2ctl -versionor#apachectl -version
Configure the Apache server:
In a standard installation under Linux, the SSL advanced configuration file is located here:
<pre><em>/etc/apache2/mods-enabled/ssl.conf</em></pre>but it is not in this file that you will activate the certificate for a website. You'll have to edit the file
<pre><em><strong>/etc/apache2/sites-enabled/default-ssl.conf</strong></em></pre>
Use the following command to figure out where Apache is pulling its configuration from:apache2ctl -V | grep SERVER_CONFIG_FILE
or just
apachectl -V | grep SERVER_CONFIG_FILE
The situation for ubuntu on Apache differs, as the configurations for 443 and 80 ports for each site are located in separate files. You can find it at /etc/apache2/sites-enabled/ Edit or create the file with the VirtualHost for 443 port to set up the secure connection.
Actually you can duplicate the record for port 80 (should be in your VirtulHost file by default) and change port 80 to port 443. Simply add it below non-secure module.
Example VirtualHost Configuration:
<VirtualHost 91.199.212.176:443>
DocumentRoot /etc/httpd/htdocs
ServerName XYZ.com
SSLEngine on
SSLCertificateFile /usr/local/ssl/crt/ssl-bundle.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
</VirtualHost>
Note: As with the example above, file names can be domainname.crt, server.key, your server however may use a different naming convention. If you are using a different file location than the example above, you will need to change the paths to match your files on the server.
SSLUseStapling on
Also specify OCSP cache response location and size outside of the Virtual Host section using SSLStaplingCache
SSLStaplingCache shmcb:/tmp/stapling_cache(128000)
Note: OSCP Stapling can be configured starting from Apache HTTP server 2.3.3 and later.
<em>apachectl configtest</em>
". The command will return Syntax Ok if there are no errors.<em>apachectl stop</em>
<em>apachectl start</em>