Enabling SSL on Apache


IMPORTANT NOTE: I experienced that if I export my certificate files (certificate.crt file as primary.crt) and keep them somewhere for a while and then if I import those certificate file on my server to be used with apache. They cause Apache service to FAIL just after I run "a2enmod" ssl command. So export your certificates again everytime you need certs on new apache servers.


 In my case, I have a pfx certificate that I got from GlobalSign and I need to convert this certificate to crt and get private key out of it in order to use on the Apache SSL Setup.

I am using OpenSSL and run following 3 openssl commands to have the certificate files that I need:


Run the following command to export the private key: (This will generate key.pem)

openssl pkcs12 -in certname.pfx -nocerts -out key.pem –nodes

Run the following command to remove the passphrase from the private key: (This will generate server.key)

openssl rsa -in key.pem -out server.key

Run to convert certificate file pfx to crt (This will generate certificate.crt)

 openssl pkcs12 -in certname.pfx -clcerts -nokeys -out certificate.crt


Rename server.key file as private.key and rename certificate.crt file as primary.crt.

Copy these 2 files to apache server. You can use WinSCP to copy these files from Windows to Linux. The files will be copied to /home/linuxuser folder


Create a folder for your certificates and set permission 700 for that folder

mkdir -p /etc/apache2/ssl

chmod 700 /etc/apache2/ssl


Copy your primary.crt and private.key to /etc/apache2/ssl folder. 

cp /home/serveradm/primary.crt /etc/apache2/ssl

cp /home/serveradm/private.key /etc/apache2/ssl



Edit your /etc/hosts file and add your websites address

nano /etc/hosts

x.x.x.x     yourwebsite.com



Modify Default SSL config:

nano /etc/apache2/sites-available/default-ssl.conf


<IfModule mod_ssl.c>

        <VirtualHost _default_:443>

                ServerAdmin webmaster@localhost

                ServerName yourserver.yourdomain.com

                ServerAlias yourserver.yourdomain.com

                DocumentRoot /var/www/html

SSLEngine on

SSLCertificateFile      /etc/apache2/ssl/primary.crt

SSLCertificateKeyFile /etc/apache2/ssl/private.key





Check if config is set correctly

apache2ctl configtest


Enable SSL for default-ssl

a2ensite default-ssl


Enable SSL module

a2enmod ssl

systemctl restart apache2 


 We just enable https access on Apache. If you need to redirect http request to https you can also edit your 000-default.conf file

Nano /etc/apache2/sites-available/000-default.conf


<VirtualHost *:80>

    RewriteEngine On

    RewriteCond %{HTTPS} off

    RewriteRule ^(.*)$ https://%{HTTP_HOST}%{REQUEST_URI} [R=301,L]


And Finally run the command below

a2enmod rewrite 



© selimatmaca.com. All Rights Reserved.