Installation Instructions for Apache

Solution ID:    SO6252    Updated:    06/14/2016


This document provides instructions for installing SSL Certificates for Apache. If these instructions do not work for installation on the server, RapidSSL recommends that the vendor of the software or an organization that supports Apache-SSL.

Watch RapidSSL's Tutorial Videos for a more visual experience!

Note:  If unable to view the video, please click here to go directly to the video source.

Step 1: Obtain and install the SSL Certificate

    1.    The RapidSSL certificate will be sent by email. 
    2.    Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

           The text file should look like:

           -----BEGIN CERTIFICATE-----

                    [encoded data]

           -----END CERTIFICATE-----

    3.    Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE 
           and that no white spaces, extra line breaks or additional characters have been inadvertently added.

           Note: The certificate can also be downloaded from the RapidSSL User Portal.
           Please select X.509 as a certificate format and copy only the End Entity Certificate.

    4.    To follow the naming convention for Apache, rename the certificate filename with the .crt extension.
    5.    Copy the Certificate into the directory that will hold the certificates.
           For example: /usr/local/ssl/crt/.

Step 2: Obtain the Intermediate CA Certificate

    1.    Go to: RapidSSL Intermediate CA Certificate page. 
    2.    Download the Intermediate CA certificate according to the SSL certificate product.
    3.    Paste the file on a Notepad and save it as intermediate.crt 

           Note:  Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE
           and that no white spaces, extra line breaks or additional characters have been inadvertently added. 

    4.    This file must be placed in the same directory as the SSL Certificate. For example: /usr/local/ssl/crt

Step 3: Configure the server

           Note:  Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend
           the httpd.conf or the ssl.conf with the below directives. Do not enter both as there will be a conflict
           and Apache may not start.

    1.    In order to use the key pair, the httpd.conf or ssl.conf file will need to be updated. 
    2.    In the Virtual Host section of the httpd.conf or ssl.conf file, verify that there are the
           following 3 directives within this Virtual Host.

           Please add them if they are not present: 

           SSLCertificateFile /usr/local/ssl/crt/public.crt  
This will need to point to the SSL certificate itself.

           SSLCertificateKeyFile /usr/local/ssl/private/private.key 
This will need to point to the private key file associated with the certificate.

           SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt  
This will need to point to the the intermediate file.

           Note: Some versions of Apache will not accept the SSLCertificateChainFile directive.
           Try using SSLCACertificateFile instead.

           For example

            Note: The file names and path are an example.

    3.    The VirtualHosts in the httpd.conf file should be configured as follows:

           <VirtualHost [IP ADDRESS]:443
             DocumentRoot /www/home
             ErrorLog /www/home/logs/error_log
             SSLEngine on
             SSLProtocol all
             SSLCertificateFile /etc/httpd/conf/ssl.crt/public.crt
             SSLCertificateKeyFile /etc/httpd/conf/ssl.key/private.key
             SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
             ServerPath /home
             <Directory "/www/home">

    4.    Save the httpd.conf or ssl.conf file and restart Apache. This can most likely do so by using
           the apachectl script: 

           apachectl stop  

           apachectl startssl

    5.    To verify the certificate is installed correctly, use the Installation Checker

           For more information, see the Apache Support website. 


Legacy ID



RapidSSL has made efforts to ensure the accuracy and completeness of the information in this document. However, RapidSSL makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. RapidSSL assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document.  Further, RapidSSL assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. RapidSSL reserves the right to make changes to any information herein without further notice.

Contact Support

US Support:

Order Processing

Technical Support

European Support:

Order Processing

Technical Support

SSL digital certificates sales live chat.

Knowledge Center

Search Tips