SSL Certificates with Apache on Debian & Ubuntu

Configure Apache to use the SSL Certificate

  1. Edit the virtual host configuration files located in /etc/apache2/sites-available to provide the certificate file paths. For each virtual host, replicate the configuration shown below. Replace each mention of example.com with your own domain. You will also need to ensure that the SSLCACertificateFile value is configured to point to the ca-certificates.crt file updated in the previous step:

file: /etc/apache2/sites-available/example.com.conf

<VirtualHost *:443>
SSLEngine On
SSLCertificateFile /etc/ssl/certs/example.com.crt
SSLCertificateKeyFile /etc/ssl/private/example.com.key
SSLCACertificateFile /etc/ssl/certs/ca-certificates.crt #If using a self-signed certificate, omit this line

ServerAdmin info@example.com
ServerName www.example.com
ServerAlias www.example2.com #If using alternate names for a host
DocumentRoot /var/www/html/example.com/public_html/
ErrorLog /var/www/html/example.com/log/error.log
CustomLog /var/www/html/example.com/log/access.log combined
</VirtualHost>

  1. Ensure that the Apache SSL module is enabled, and enable the virtualhost configuration:
    1
    2
    a2enmod ssl
    a2ensite example.com
    
  2. Restart Apache:
    1
    service apache2 restart
    
  3. If troubleshooting issues, a system reboot may be required.

Test Your Configuration

After configuration, some browsers may display the site correctly although errors still exist. Test your SSL configuration using the test page at your certificate issuer’s website, then perform the following steps.

  1. Check for errors using openssl s_client:
    1
    openssl s_client -CApath /etc/ssl/certs/ -connect example.com:443