TLS certificate installation on an Apache server

The following instructions will show you how to create a public key on an Apache server using OpenSSL, which can be used on any server, and then install a newly issued certificate..

Generating a CSR on Apache (OpenSSL)

To generate a CSR request (public key) and private key, the OpenSSL tool is used.

In the first step, generate a key pair (private key and public key in CSR). Open the OpenSSL and use the following commands:

openssl genrsa –des3 –out 2048

Parameter -des3 ensures the use of a passphrase for the private key (encryption); if you do not use this parameter, the private key will be unprotected.

In the second step, generate the CSR request itself. You can also generate a CSR with a private key in the SSLmarket administration and save the private key for later installation..

openssl req –new –key –out

After entering the order, you will be asked to specify the data for the CSR.

  • Common Name: Common Name is the complete name of the domain for which the certificate is to be issued.
  • Company / Organization: Enter the full name of the company as it appears in the Commercial Register, including the legal form.
  • Organizational Unit: This field is optional and is used to specify the organizational unit of the organization, such as the branch or department.
  • Locality / City: City name
  • State / Province: Left if blank
  • Country Name: State code - GB
Example of correctly filled information in the CSR

Do not enter additional information such as e-mail address, password or optional company name in the CSR request. OpenSSL will create a file with the CSR extension, which you will insert into the certificate order at

Installation of the issued certificate on the server

Creating files with keys

The issued TLS certificate is delivered by email. The certificate arrives in text form encoded in Base64 format. Save the certificate text to the server as a file public.crt.

Intermediate certificates

Get the right intermediate certificates and save them to one file intermediate.crt . Copy both new files to the /usr/local/ssl/crt/ folder.

Intermediate certificates are sent in the email with the certificate. You can find them on our site under Intermediate certificates as well.

Server configuration

To use the created keys, it is necessary to set up the server itself. Open and edit the Apache configuration file called httpd.conf (it's typically in /etc/httpd folder) and add the following 3 directives to the section :

  • SSLCertificateFile /usr/local/ssl/crt/public.crt
  • SSLCertificateKeyFile /usr/local/ssl/private/private.key
  • SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
Some versions of Apache do not support SSLCertificateChainFile, so use SSLCACertificateFile directive instead.

Save the file. Before restarting, you can test the correct configuration with the command apachectl configtest The final step is to restart the Apache webserver. apachectl stop
apachectl startssl

Example of server configuration

Here is a typical example of a server configuration in an httpd.conf file. Listen 80
Listen 443

SSLEngine on
SSLCertificateFile /usr/local/ssl/install/openssl/certs/example.crt
SSLCertificateKeyFile /usr/loca/ssl/install/openssl/certs/example.key
SSLCACertificateFile /usr/loca/ssl/install/openssl/certs/intermediate.crt

Is everything alright? Check the certificate installation in our simple tool. For more information read the article Check installation of TLS certificate.

Pomoc s SSL certifikáty

Are you lost?

Write us
Contact form