SSL Certificate Installation on Apache
One of the most important things that a CA (Certification Authority) can do is it make their SSL certificates simple and easy to obtain and install. At Comodo, we strive to do just that, including providing helpful tips and advice for CSR generation and installing an SSL certificate on Apache servers.
It can be a bit confusing for those new to CSR (Certificate Signing Request) generation to find the right files and get things started. You will need to have the CSR in order to obtain the SSL certificate for Apache servers, but this is not a difficult task if you just take it step-by-step.
The Certificate Signing Request comes from the Apache server you are using. It is a block of text that is encrypted and that is unique. It will actually provide a wide range of information for the Certificate Authority (CA).
To obtain an SSL certificate for Apache servers the CA has to have the encrypted text. This text will include your FQDN or fully qualified domain name, the organization name in full (no abbreviations) as well as the organizational unit if one is required.
Other information that is found in the CSR will include:
- The state, region and county where the organization is located
- The two-letter ISO code for the country
- The contact email address for your SSL certificate manager
- The public key that is automatically generated with the CSR
There is also a private key that is generated that you will retain. For EV SSL certificates the private key will have to be 2048 bits to ensure the correct level of security. Comodo uses this level of encryption on all our SSL certificates including our SSL certificate on Apache servers.
On our website in our knowledgebase section, you will find specific information in step-by-step format to generate the CSR.
This will be done with OpenSSL using a command that generates both the private key and the public key in separate files. You will retain the file with the private key. It should be kept in a secure location where it is inaccessible to anyone but the IT administrator or manager. Always backup and secure the backup copy of the private key as well. If it is lost, it cannot be recovered.
Once you have the private key and the public key, you will fill in the information on the CSR as mentioned above. This will then create the CSR, which will be copied and pasted into the enrollment form for an SSL certificate on Apache servers.
This will come in the form of a ZIP file that is extracted and the files moved to their corresponding directories. The private key file will need to be placed in one of the directories only accessible to Apache.
The Secure Sockets Layer configuration file may be in different locations depending on your Apache distribution. Often you will need to access the distribution site for the Apache version you are using to quickly find the configuration files required. You may also have to add directives in the Virtual Host section of the file, but they may also already exist so check in advance.
Finally, to complete the installation of the SSL certificate on Apache, you will need to save the config file and restart the system. It is possible to run a test on the Apache configuration before restarting to verify the installation is correct and free from any errors. Apache servers will not restart when there are configuration files with syntax error, so this is a critical step in the process.
Ideally, complete a full stop and start rather than a restart to prompt all changes to be accepted.
Finally, be sure to run an SSL certificate checker or analysis on the site. We provide this tool on our website for your use. It will provide full information on the SSL certificate and ensure that the system is fully functional. This will result in a simple, easy and error-free checkout for your customers.
We are here to help. If you experience any problems during the installation of the SSL certificate, get in touch with our staff at +1 888 266 6361. To try our free SSL certificate or to upgrade to a Wildcard SSL, Comodo SSL or EV SSL visit us at https://ssl.comodo.com/.