Install an SSL certificate on Apache server
Ali cloud service supports SSL Certificate to download the certificate installed Apache server, so that the Apache server supports HTTPS secure access. This article describes the operation of the specific certificate installed.
Prerequisites
- On your Apache server has opened port 443 (the default HTTPS port services).
- On your Apache server has been installed mode_ssl.so modules (enable SSL).
- In this document, the certificate name domain name as an example, for example: the file name of the certificate domain name_public.crt, the file name of the certificate chain domain name_chain.crt, certificate key file name domain name.key.
- When applying for a certificate if it is not selected automatically create CSR, the certificate will download the compressed package does not contain .key file.
Steps
- Unzip the downloaded saved to the local Apache certificate file.
After extracting the file folder there are three files:
- Certificate file: The .crt suffix or file type.
- Certificate chain file: the .crt suffix or file type.
- Key documents: the .key suffix or file type.
- In the new installation directory Apache cert directory, and extract the Apache certificate, the certificate chain and key files are copied to cert directory. If you need to install multiple certificates, required in the new directory, a corresponding number of Apache cert directory for storing different certificates.
Description
If you choose the application for a certificate
manually create the CSR file, please manually generate a key file copied to create cert directory named domain name.key.
- Modify the httpd.conf configuration file.
- In the Apache installation directory, open Apache / conf / httpd.conf file and find the following parameters are configured in the following annotation content.
#LoadModule ssl_module modules/mod_ssl.so #删除行首的配置语句注释符号“#”加载mod_ssl.so模块启用SSL服务,Apache默认是不启用该模块的。
#Include conf/extra/httpd-ssl.conf #删除行首的配置语句注释符号“#”。
Description
If you
do not find the above statement httpd.conf configuration file, make sure that your Apache server already installed mod_ssl.so module. Executable yum install -y mod_ssl
command to install mode_ssl module.
- Save httpd.conf file and exit.
- Modify httpd-ssl.conf profile.
- Open Apache / conf / extra / httpd- ssl.conf file and find the following parameters are configured in the following annotation content.
Description
Depending on the operating system,
HTTP-file may also be stored in the ssl.conf conf.d / ssl.conf directory.
<VirtualHost *:443>
ServerName
Description
should pay attention to your browser version supports SNI function. If you do not support multi-domain certificate configuration will not take effect.
- Save httpd-ssl.conf file and exit.
- Restart the Apache server SSL configuration to take effect.
Execute the following command in the bin directory of Apache:
- Stop the Apache service.
- Apache open service.
- Optional: Modify httpd.conf file, the HTTP request is provided automatically jump HTTPS.
In httpd.conf file <VirtualHost *:80> </VirtualHost>
intermediate, add the following redirect code.
RewriteEngine on
RewriteCond %{SERVER_PORT} !^443$ RewriteRule ^(.*)$ https://%{SERVER_NAME}$1 [L,R]
Next Steps
After the certificate is installed, you can log in by way of the binding domain of certificate validation certificate is installed successfully.
https://domain name #domain name替换成证书绑定的域名。
If the web address bar appear small lock symbol, it indicates that the certificate is installed successfully.
- After DV / OV SSL digital certificates deployed on the server, when the user's browser to access the site, shown below:
- After the EV SSL digital certificates deployed on the server, when the user's browser to access the site, shown below:
Verification certificate is installed successfully, if the site can not be accessed via https normal, need to make sure you install the server certificate is on port 443 or other tool to intercept.