Installation Instructions for Apache

Solution ID:    SO6252    Updated:    10/07/2015


This document provides instructions for installing SSL Certificates for Apache. If you are unable to use these instructions for your server, RapidSSL recommends that you contact either the vendor of your software or an organization that supports Apache-SSL.

Watch RapidSSL's Tutorial Videos for a more visual experience!

Note:  If you are unable to view the video, please click here to go directly to the video source.

Step 1: Obtain and install the SSL Certificate

    1.    The RapidSSL certificate will be sent by email. 
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

           The text file should look like:

           -----BEGIN CERTIFICATE-----

                    [encoded data]

           -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE 
           and that no white spaces, extra line breaks or additional characters have been inadvertently added.

           NOTE: You can download the certificate also from the RapidSSL User Portal by following the steps
           from this link: SO16222
           Please select X.509 as a certificate format and copy only the End Entity Certificate.

    4.    To follow the naming convention for Apache, rename the certificate filename with the .crt extension.
    5.    Copy the Certificate into the directory that you will be using to hold the certificates.
           For example: /usr/local/ssl/crt/.

Step 2: Obtain the Intermediate CA Certificate

    1.    Go to: RapidSSL Intermediate CA Certificate page. 
    2.    Download the Intermediate CA certificate according to your SSL certificate product.
    3.    Paste the file on a Notepad and save it as intermediate.crt 

           Note:  Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE
           and that no white spaces, extra line breaks or additional characters have been inadvertently added. 

    4.    This file must be placed in the same directory as the SSL Certificate. For example: /usr/local/ssl/crt

Step 3: Configure the server

           Note:  Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend
           the httpd.conf or the ssl.conf with the below directives. Do not enter both as there will be a conflict
           and Apache may not start.

    1.    In order to use the key pair, the httpd.conf or ssl.conf file will need to be updated. 
    2.    In the Virtual Host section of the httpd.conf or ssl.conf file, verify that there are the
           following 3 directives within this Virtual Host.

           Please add them if they are not present: 

           SSLCertificateFile /usr/local/ssl/crt/public.crt  
This will need to point to the SSL certificate itself.

           SSLCertificateKeyFile /usr/local/ssl/private/private.key 
This will need to point to the private key file associated with the certificate.

           SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt  
This will need to point to the the intermediate file.

           NOTE: Some versions of Apache will not accept the SSLCertificateChainFile directive.
           Try using SSLCACertificateFile instead.

           For example

            NOTE: If you are using a different location and certificate file names than the example above
            (which most likely you are) you will need to change the path and filename to reflect your server

    3.    The VirtualHosts in your httpd.conf file should be configured as follows:

           <VirtualHost [IP ADDRESS]:443
             DocumentRoot /www/home
             ErrorLog /www/home/logs/error_log
             SSLEngine on
             SSLProtocol all
             SSLCertificateFile /etc/httpd/conf/ssl.crt/public.crt
             SSLCertificateKeyFile /etc/httpd/conf/ssl.key/private.key
             SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt
             ServerPath /home
             <Directory "/www/home">

    4.    Save your httpd.conf or ssl.conf file and restart Apache. You can most likely do so by using
           the apachectl script: 

           apachectl stop  

           apachectl startssl

    5.    You should now be set to start using your RapidSSL certificate with your Apache-SSL Server.
    6.    To verify if your certificate is installed correctly, use the Installation Checker

           NOTE: You can also test the certificate by using a browser to connect to your server.
           Use the https protocol directive (e.g. https://your server/) to indicate you wish to use
           secure HTTP. The padlock icon on your browser will be displayed in the locked position
           if your certificates are installed correctly and the server is properly configured for SSL.

           For more information, see the Apache Support website. 


Legacy ID



RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips