Apache Http Ssl Configuration

Posted on  by admin

SSL is currently one of the standards of web security. Learn how to implement an SSL certificate on an Apache Web Server to keep your data safe.


The Apache HTTP Server now supports loading TLS certificates and private keys from hardware security tokens directly from PKCS#11 modules. As a result, a mod_ssl configuration can now use PKCS#11 URLs to identify the TLS private key and, optionally, the TLS certificate in the SSLCertificateKeyFile and SSLCertificateFile directives.

  1. An easy-to-use secure configuration generator for web, database, and mail software. Simply select the software you are using and receive a configuration file that is both safe and compatible. Mozilla SSL Configuration Generator.
  2. Issues with SSL-Apache Configuration. These known issues arise when you configure the Apache plug-in to use SSL: To prepare the plug-in configuration, using Internet Explorer click the lock and go to the certificates path: Select the root CA (at the top).

Before you start the installation process, please make sure that a CSR Code is generated, all validations are met, and the SSL Certificate is issued and downloaded.

To Install an SSL Certificate, Perform the Following Steps:

  • Copy the certificate into the shell text editor and name the file “mydomain.crt”

Note: Copy the contents of the certificate from (and including) the -----BEGIN CERTIFICATE----- line to the -----END CERTIFICATE----- line.

  • Copy the certificate to the Apache Server Directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/)

Note: If you have a custom installation, please locate the server directory.

  • Open the Apache Configuration file in a text editor. Apache configuration files are usually found in /etc/httpd. The main configuration file is usually named httpd.conf. In most cases, the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find <VirtualHost> blocks in a separate file in a directory like /etc/httpd/sites/ or in a file called ssl.conf.
  • Locate the SSL VirtualHost associated with your certificate. Verify that you have the following two directives within this virtual host. Please add them if they are not present.
    • SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt (or server.crt)
    • SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.key (or server.key)

Note: Some instances of Apache will store Virtual Host information in an ssl.conf file. If your httpd.conf contains no Virtual Host information then you will need to locate and amend the ssl.conf as performed above.

  • Save the changes and exit the shell editor.
  • Start or Restart your Apache web server using one of the following commands:

    By default:

    /usr/local/apache/bin/apachectl startssl


    /usr/local/apache/bin/apachectl restart



    Published at DZone with permission of Kalpesh Patel. See the original article here.



    Why do I get permission errors related to SSLMutex when I start Apache?

    Errors such as "mod_ssl: Child could not open SSLMutex lockfile /opt/apache/logs/ssl_mutex.18332 (System error follows) [...] System: Permission denied (errno: 13)" are usually caused by overly restrictive permissions on the parent directories. Make sure that all parent directories (here /opt, /opt/apache and /opt/apache/logs) have the x-bit set for, at minimum, the UID under which Apache's children are running (see the User directive).
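
One way to run the parent-directory check described above, as an added example that is not part of the original FAQ or of mod_ssl: it walks every parent of the lock file path and lists those where the given UID lacks the x-bit. It evaluates classic Unix mode bits only (ACLs are ignored), and the function names and command-line usage are assumptions made for this example.

```python
import os
import stat
from pathlib import Path


def search_allowed(st, uid, gids):
    """Classic Unix mode check for the directory search (x) bit.

    Owner bits apply if uid owns the directory, else group bits if one of
    gids matches, else the "other" bits. ACLs and capabilities are ignored.
    """
    if uid == 0:                      # root bypasses mode bits
        return True
    if st.st_uid == uid:
        return bool(st.st_mode & stat.S_IXUSR)
    if st.st_gid in gids:
        return bool(st.st_mode & stat.S_IXGRP)
    return bool(st.st_mode & stat.S_IXOTH)


def blocked_ancestors(lockfile, uid, gids):
    """Return every parent directory of lockfile that uid cannot traverse."""
    blocked = []
    # For the FAQ path this yields /opt/apache/logs, /opt/apache, /opt and /
    for directory in Path(lockfile).absolute().parents:
        st = os.stat(directory)
        if not search_allowed(st, uid, set(gids)):
            blocked.append(str(directory))
    return blocked


if __name__ == "__main__":
    import pwd
    import sys
    # Assumed usage: check_mutex_path.py <lockfile path> <Apache User value>
    path, user = sys.argv[1], sys.argv[2]
    pw = pwd.getpwnam(user)
    gids = {pw.pw_gid, *os.getgrouplist(user, pw.pw_gid)}
    for d in blocked_ancestors(path, pw.pw_uid, gids):
        print(f"{d}: no search (x) permission for {user}")
```

The lock file itself does not need to exist; only its parent directories are inspected.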


    Why does mod_ssl stop with the error 'Failed to generate temporary 512 bit RSA private key' when I start Apache?


    Cryptographic software needs a source of unpredictable data to work correctly. Many open source operating systems provide a 'randomness device' that serves this purpose (usually named /dev/random). On other systems, applications have to seed the OpenSSL Pseudo Random Number Generator (PRNG) manually with appropriate data before generating keys or performing public key encryption. As of version 0.9.5, the OpenSSL functions that need randomness report an error if the PRNG has not been seeded with at least 128 bits of randomness.


    To prevent this error, mod_ssl has to provide enough entropy to the PRNG to allow it to work correctly. This can be done via the SSLRandomSeed directive.