SSL/TLS (Secure Socket Layer/Transport Layer Security) certificates secure the digital web with the latest encryption technology, which uses cryptographic algorithms for securing the web. Encryption converts the plain format into a cipher format and secures all the data in transit carried out between the browser and the server. This helps in preventing unauthorized access and unwanted penetrations into your network.
Wildcard SSL certificates are a type of SSL certificate that secure the primary domain and multiple subdomains of the first level. This blog is specifically written to enlighten users as to how to install a Wildcard SSL certificate on Apache Web Server.
Table of Contents
About Apache Web Server:
Apache is a popular web server used by millions of people all over the globe.
31.5% of all the websites are on Apache.
It’s a free and open-source server that permits users to place their websites. Though Apache is quite old, it’s the most reliable web server amongst site owners. Apache was first released in 1995 and is maintained by the Apache Software Foundation. It can host multiple HTTP (hyper-text transfer protocol secure) sites and supports shared hosting.
As far as Ubuntu is concerned, it’s an operating system and when an Apache server software is installed on it, it is termed an Ubuntu server.
Apache & SSL:
Your website needs encryption security to prevent intruders from penetrating your network and hence you need to install an SSL certificate on your Apache Server. You can purchase a Wildcard SSL certificate from a reliable SSL certificate provider like Comodo, Thawte, GeoTrust, etc., and install the same on the web server.
Let’s check out the installation process of a Wildcard SSL on the Apache server.
How to Install a Wildcard SSL Certificate on Apache Server?
In case you have not purchased the Wildcard SSL certificate, generate the CSR (Certificate Signing Request) from the Apache server. The Certificate Authority (CA) will verify the domain name and later issue your Wildcard SSL certificate along with the intermediate files and the private key.
Ensure that the private key is stored on the server itself.
Installation Procedure:
1. Copy the Certificate Files to the Server:
After the successful completion of the verification process by the CA, the CA will issue the SSL certificate files on the email id of the site owner. The owner needs to download the folder and extract the SSL certificate and its intermediate files. The same needs to be uploaded on the Apache server.
The below-stated files need to be uploaded to the server.
- certificate.crt
- Ca-bundle.crt
- Private.key
Copy all these files to the server directory. The default server directory for certificate.crt and ca_bundle.crt files is /etc/ssl/, whereas the default directory for the private.key file is /etc/ssl/private/.
2. Edit the Apache.Con
The Apache.config file is located in /etc/apache2/sites-enabled/your_site_name. In case the file is not located there, run the below-stated command to get the file.
| sudo a2ensite your_site_name |
Open the Apache.config file with your desired text editor.
Note: To view and access your site on HTTP and HTTPS, it’s vital to separate two different files since both these protocols are on different ports. HTTP is on port 80, whereas https is on port 443.
3. Configure the Virtual Host Block:
In the configuration file, go to the <Virtual Host>. You will also need to change the port of your unsecured site to a secured one by moving the site from port 80 to port 443.
By configuring the virtual host, you will be able to access your site via HTTPS, i.e., the secured way.
Code Lines of the Default Virtual Host Block
| <VirtualHost 192.168.0.1:443>
DocumentRoot /var/www/site </VirtualHost> |
Enter the SSL certificate details in this block.
- SSLCertificateFile/path/to/yourdomain.crt – In this parameter, update the location of your SSL certificate file.
- SSLCertificateKeyFile/path/to/yourdomain.key – In this parameter, update the location of your private key file which you have received during the CSR generation process.
- SSLCertificateChainFile/path/to/yourdomain.crt – In this parameter, update the location of the intermediate certificate file/CA bundle. In case of multiple intermediate certificates, concatenate the files.
- Ensure an error-free configuration process.
- Later save the .config file after cross-checking the details.
Note: If the SSLCertificateChainFile directive does not work, try using the SSLCACertificateFile directive instead.
4. Test Your New.Config File:
After updating the locations of the SSL certificates and the intermediate files in the .config file, it’s essential to test the newly revised .config file for errors. In case the error persists, repeat the installation and configuration process. In case everything is in order, continue with the last and final step.
5. Restart the Apache:
Restart your Apache server by using the below-stated command.
| /usr/local/apache/bin/apachectl startssl
/usr/local/apache/bin/apachectl restart |
Congrats on the successful installation of the Wildcard SSL certificate on your Apache server. You can also use SSL checker to test the SSL installation process and its status.
Many site owners think that installation of a Wildcard SSL certificate is a tough call, but be it Wildcard SSL or any other SSL product, the configuration process is easy and it remains the same. In the same way, be it an Apache server or any other server the installation process is similar.
We have thoroughly explained the entire process, which is easy to follow and implement.