This article offers step-by-step instructions for installing a certificate on an Apache HTTP server. Please note that Apache server configuration parameters have changed since version 2.4.8.
1. Copy the certificate files to your server. You need to copy the following files to the server: a server certificate, a private key and an intermediate certificate corresponding to the type of your server certificate.
The server certificate was sent to you by e-mail after it was issued by GlobalSign. You can also get it in your GlobalSign account by clicking the Edit button to the left of the order number and copying the certificate in PEM format.
The private key for the certificate is created along with the certificate request (CSR), so the private key file may already be on your server. If the private key is lost, the certificate must be re-issued.
The intermediate certificate that needs to be installed on the server depends on the type of your certificate. It is the presence of an intermediate certificate in the chain that links your certificate to the GlobalSign root certificate and makes the chain trusted. Download one or more intermediate certificates, according to the type of your certificate, from the link below:
support.globalsign.com/customer/portal/topics/538410-root-certificates/articles
2. Open the Apache configuration file for editing. Depending on the type of operating system, the path to the configuration file may be different:
CentOS / RedHat:
/etc/httpd/httpd.conf
/etc/httpd/sites-enabled/name-of-virtualhost.conf
Debian / Ubuntu:
/etc/apache2/apache2.conf
/etc/apache2/sites-enabled/name-of-virtualhost.conf
More information about where to find the configuration file is available at the link below:
https://wiki.apache.org/httpd/DistrosDefaultLayout
3. Configure the virtual host for the certificate to work. Find the VirtualHost section and add (or edit, if they already exist) the following directives, indicating the actual paths to the certificate and key files:
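<VirtualHost xxx.xxx.xx:443>
    DocumentRoot /var/www/examplesite
    # ServerName takes a single host name; additional names go in ServerAlias
    ServerName example.com
    ServerAlias www.example.com
    SSLEngine on
    # Server certificate
    SSLCertificateFile /path/to/examplesite.crt
    # Private key created together with the CSR
    SSLCertificateKeyFile /path/to/privatekey.key
    # Intermediate certificate (Apache versions before 2.4.8)
    SSLCertificateChainFile /path/to/intermediate.crt
</VirtualHost>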
Make sure that the paths in the SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives are correct; each of them should point to the corresponding file.
Note: Starting with Apache version 2.4.8, instead of the SSLCertificateChainFile directive, you should use the SSLCertificateFile directive, which has been extended to support intermediate certificates. Adding an intermediate certificate to the end of the server's certificate file will create the necessary trusted chain.
4. Test the created server configuration. Depending on the operating system, run the command:
apachectl configtest
or
apache2ctl configtest
Running the command will detect server configuration errors, such as a mismatch between the private key and the certificate or the wrong path to the configuration file.
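As an added example (not part of the original article or of GlobalSign's tooling), the script below performs two checks worth running before configtest and the restart: that the private key matches the server certificate, and that the combined certificate file described in the note on Apache 2.4.8 chains to the root. It uses the openssl command-line tool on a throwaway test chain; the function names and demo file names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original article. All certificates are throwaway test data.
# Succeeds only if private key $2 belongs to certificate $1 (compares public keys).
key_matches_cert() {
  c=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  k=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$c" ] && [ "$c" = "$k" ]
}

# Writes $1: server certificate first, then the intermediate(s), for SSLCertificateFile.
# "awk 1" supplies a missing final newline so two PEM blocks never fuse onto one line.
build_bundle() {
  out=$1; shift
  awk 1 "$@" > "$out"
}

# Verifies the first certificate in bundle $1 against root $2, rest as intermediates.
bundle_chains_to_root() {
  openssl verify -CAfile "$2" -untrusted "$1" "$1" >/dev/null 2>&1
}

# Builds a constructed root -> intermediate -> leaf chain in directory $1.
make_demo_chain() {
  d=$1; printf 'basicConstraints=critical,CA:TRUE\n' > "$d/ca.ext"
  for n in root int leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" 2>/dev/null || return 1
  done
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -extfile "$d/ca.ext" \
    -days 2 -out "$d/root.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/int.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -extfile "$d/ca.ext" -days 2 -out "$d/int.crt" 2>/dev/null &&
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/int.crt" -CAkey "$d/int.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt" 2>/dev/null
}

# Runs each check on the demo chain; prints one ok/BAD word per check.
run_demo() {
  t=$(mktemp -d) || return 1
  make_demo_chain "$t" || { rm -rf "$t"; return 1; }
  build_bundle "$t/bundle.crt" "$t/leaf.crt" "$t/int.crt"
  r="key:$(key_matches_cert "$t/bundle.crt" "$t/leaf.key" && echo ok || echo BAD)"
  r="$r wrongkey:$(key_matches_cert "$t/bundle.crt" "$t/int.key" && echo ok || echo BAD)"
  r="$r chain:$(bundle_chains_to_root "$t/bundle.crt" "$t/root.crt" && echo ok || echo BAD)"
  r="$r leafonly:$(bundle_chains_to_root "$t/leaf.crt" "$t/root.crt" && echo ok || echo BAD)"
  rm -rf "$t"; echo "$r"
}
run_demo
```

The leafonly result shows what a file without the appended intermediate looks like to a verifier: the server certificate is valid but cannot be linked to the root.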
5. Restart the Apache server. For older versions of the Red Hat Enterprise Linux distribution, use scripts:
CentOS / RedHat:
service httpd restart
Debian / Ubuntu:
service apache2 restart
For Red Hat Linux 7 or CentOS 7.0 distributions, use the following commands:
CentOS / RedHat:
systemctl restart httpd.service
Debian / Ubuntu:
systemctl restart apache2.service
Note: Some Apache configurations may contain the SSLCACertificateFile directive. This directive is required only if the Apache server is used to authenticate clients. The SSLCACertificateFile directive points to a certificate of the certification authority, or a certificate directory, that issues the certificates you accept for client authentication.
If you still have questions about installing a GlobalSign certificate on the Apache HTTP server, please contact GlobalSign Russia support service: support@globalsign.com, phone: +7 (499) 678 2210