tencent cloud

PrevNext

Feedback

search by keyword

Recent Pages

Documentation
SSL Certificate Service
    Documentation
    Download PDF

    Installing an SSL Certificate on an Apache Server (Linux)

    Last updated: 2024-03-06 17:38:42
    Download PDF

      Overview

      This document describes how to install an SSL certificate on an Apache server.
      Note:
      The certificate name cloud.tencent.com is used as an example.
      The Apache/2.4.6 version is used as an example. The default port is 80. You can download it from the Apache official website. If you need to use another version, contact us.
      The current server OS is CentOS 7. Detailed steps vary slightly by OS.
      Before you install an SSL certificate, enable port 443 on the Apache server so that HTTPS can be enabled after the certificate is installed. For more information, see How Do I Enable Port 443 for a VM?.
      For detailed directions on how to upload SSL certificate files to a server, see Copying Local Files to CVMs.

      Prerequisites

      A remote file copy tool such as WinSCP has been installed. Please download the latest version from the official website. We recommend that you use CVM's file upload feature for deployment to CVM.
      Install the remote login tool such as PuTTY or Xshell. The latest official version is recommended.
      Install the Apache service on the current server.
      The data required to install the SSL certificate includes the following:
      Name
      Description
      Server IP address
      IP address of the server, which is used to connect the PC to the server.
      Username
      The username used to log in to the server.
      Password
      The password used to log in to the server.
      Note:
      For a CVM instance purchased on the Tencent Cloud official website, log in to the CVM console to get the server IP address, username, and password.

      Directions

      Installing the certificate

      1. Log in to the SSL Certificate Service console, and click Download for the certificate you need to install.
      2. In the pop-up window, select Apache for the server type, click Download, and decompress the cloud.tencent.com certificate file package to the local directory. After decompression, you can get the certificate file of the corresponding type, which includes the cloud.tencent.com_apache folder.
      Folder: cloud.tencent.com_apache
      Files in the folder:
      root_bundle.crt: certificate file
      cloud.tencent.com.crt: certificate file
      cloud.tencent.com.key: Private key file
      CSR file:cloud.tencent.com.csr file
      Note:
      You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.
      3. Log in to the Apache server using WinSCP (a tool copying files between a local computer and a remote computer).
      Note:
      For detailed directions, see Uploading files via WinSCP to a Linux CVM from Windows.
      We recommend that you use CVM's file upload feature for deployment to CVM.
      4. Copy the obtained certificate files root_bundle.crt and cloud.tencent.com.crt and the private key file cloud.tencent.com.key from the local directory to the /etc/httpd/ssl directory of the Apache server.
      Note:
      If the /etc/httpd/ssl directory does not exist, run the mkdir /etc/httpd/ssl command to create it.
      5. Log in to the Apache server remotely by using a login tool such as PuTTY.
      Note: For a newly installed Apache server, the conf.d, conf, and conf.modules.d directories are under the /etc/httpd directory by default.
      6. In the httpd.conf configuration file under /etc/httpd/conf, find the Include conf.modules.d/*.conf configuration statement (for loading the SSL configuration directory) and check whether it is commented out. If so, remove the comment symbol (#) from the first line and save the configuration file.
      7. In the 00-ssl.conf configuration file under /etc/httpd/conf.modules.d, find the LoadModule ssl_module modules/mod_ssl.so configuration statement (for loading the SSL module) and check whether it is commented out. If so, remove the comment symbol (#) from the first line and save the configuration file.
      Note: The directory structure varies by OS version. Find files in accordance with the actual OS version.
      If LoadModule ssl_module modules/mod_ssl.so and Include conf.modules.d/*.conf configuration statements cannot be found in the configuration files above, check whether the mod_ssl.so module has been installed, and if not, run the yum install mod_ssl command to install it.
      8. Edit the ssl.conf configuration file in the /etc/httpd/conf.d directory by modifying the following:
      <VirtualHost 0.0.0.0:443>
           DocumentRoot "/var/www/html" 
           # Enter the certificate name
           ServerName cloud.tencent.com 
           # Enable SSL
           SSLEngine on 
           # Path of the certificate file
           SSLCertificateFile /etc/httpd/ssl/cloud.tencent.com.crt 
           # Path of the private key file
           SSLCertificateKeyFile /etc/httpd/ssl/cloud.tencent.com.key 
           # Path of the certificate chain file
           SSLCertificateChainFile /etc/httpd/ssl/root_bundle.crt 
      </VirtualHost>
      9. Restart the Apache server and then you can access it through https://cloud.tencent.com.
      If the security lock icon is displayed in the browser, the certificate has been installed successfully.
      In case of a website access exception, troubleshoot the issue by referring to the following FAQs:
      Website Inaccessible After an SSL Certificate is Deployed
      "Your Connection is Not Secure" is Displayed After the SSL Certificate is Installed
      Why Does the Website Prompt "Connection Is Untrusted"?
      404 Error After the SSL Certificate is Deployed on IIS

      (Optional) Security configuration for automatic redirect from HTTP to HTTPS

      To redirect HTTP requests to HTTPS, complete the following settings:
      1. Edit the httpd.conf configuration file in the /etc/httpd/conf directory.
      Note:
      The directory structure varies by Apache version. For more information, see Apache Module mod_rewrite.
      The httpd.conf configuration file is located in more than one directory. You can filter them by /etc/httpd/*.
      2. Check whether LoadModule rewrite_module modules/mod_rewrite.so is in it.
      If so, remove the comment symbol (#) in front of LoadModule rewrite_module modules/mod_rewrite.so and proceed to step 4.
      If not, proceed to step 3.
      3. C
      reat
      e a *.conf file such as 00-rewrite.conf in /etc/httpd/conf.modules.d and add the following content to it:
      LoadModule rewrite_module modules/mod_rewrite.so
      4. Ad
      d the follo
      wing to the httpd.conf configuration file:
      <Directory "/var/www/html"> 
      # Add the following:
      RewriteEngine on
      RewriteCond %{SERVER_PORT} !^443$
      RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
      </Directory>
      5. Restart the Apache server and then you can access it through http://cloud.tencent.com.
      Note: If anything goes wrong during this process, contact us.
      Contact Us

      Contact our sales team or business advisors to help your business.

      Contact Us
      Technical Support

      Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

      Submit a Ticket
      7x24 Phone Support
      Copyright © 2013-2024 Tencent Cloud. All Rights Reserved.
      Privacy PolicyLegalCookie Policy