SSL Certificates Installation Instruction - Apache-SSL / Apache ModSSL
1. Save the certificate file
You will receive an email that contain a zip file after your SSL certificate is issued, the zip file have 3 files: one is like UTN*.crt, this is the root CA, no any use, second is like WoSign*.crt, this is the intermediate root, please rename it to intermediate.crt, the third file is your SSL certificate like www.mydomain.com.crt .
2. Install the Certificate
a. Copy the certificate and Intermediate CA Certificate to the Apache directory in which you plan to store your certificates (example: /etc/httpd/conf/ssl.key/ or /etc/httpd/conf/ssl.crt/).
b. Open the Apache httpd.conf file in a text editor (notepad/vi). Locate the SSL VirtualHost associated with your certificate. Verify that you have the following 3 directives within this virtual host. Please add them if they are not present:
Note that some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter the information in both as there will be a conflict and Apache will not start.
c. Save the changes and exit the editor.
Stop and start the Apache daemon which will register the changes that have been made in the config file. You can use the following commands:
/usr/sbin/apachectl stop /usr/sbin/apachectl startssl
/usr/sbin/httpd -k stop /usr/sbin/httpd -DSSL
3. Setup the server
Make sure you assign port 443 and a unique ip address (i.e <VirtualHost 192.168.20.248:443>)to the virtual host. Apache does not support name based virtual hosts therefore host headers must not be specified in the VirtualHost directive.Note: If the server is behind a firewall please make sure port 443 has been enabled on the firewall.
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.