tencent cloud

Feedback

Installing an SSL Certificate on an Apache Server (Linux)

Last updated: 2024-03-06 17:38:42

    Overview

    This document describes how to install an SSL certificate on an Apache server.
    Note:
    The certificate name cloud.tencent.com is used as an example.
    The Apache/2.4.6 version is used as an example. The default port is 80. You can download it from the Apache official website. If you need to use another version, contact us.
    The current server OS is CentOS 7. Detailed steps vary slightly by OS.
    Before you install an SSL certificate, enable port 443 on the Apache server so that HTTPS can be enabled after the certificate is installed. For more information, see How Do I Enable Port 443 for a VM?.
    For detailed directions on how to upload SSL certificate files to a server, see Copying Local Files to CVMs.

    Prerequisites

    A remote file copy tool such as WinSCP has been installed. Please download the latest version from the official website. We recommend that you use CVM's file upload feature for deployment to CVM.
    Install the remote login tool such as PuTTY or Xshell. The latest official version is recommended.
    Install the Apache service on the current server.
    The data required to install the SSL certificate includes the following:
    Name
    Description
    Server IP address
    IP address of the server, which is used to connect the PC to the server.
    Username
    The username used to log in to the server.
    Password
    The password used to log in to the server.
    Note:
    For a CVM instance purchased on the Tencent Cloud official website, log in to the CVM console to get the server IP address, username, and password.

    Directions

    Installing the certificate

    1. Log in to the SSL Certificate Service console, and click Download for the certificate you need to install.
    2. In the pop-up window, select Apache for the server type, click Download, and decompress the cloud.tencent.com certificate file package to the local directory. After decompression, you can get the certificate file of the corresponding type, which includes the cloud.tencent.com_apache folder.
    Folder: cloud.tencent.com_apache
    Files in the folder:
    root_bundle.crt: certificate file
    cloud.tencent.com.crt: certificate file
    cloud.tencent.com.key: Private key file
    CSR file:cloud.tencent.com.csr file
    Note:
    You can upload the CSR file when applying for a certificate or have it generated online by the system. It is provided to the CA and irrelevant to the installation.
    3. Log in to the Apache server using WinSCP (a tool copying files between a local computer and a remote computer).
    Note:
    We recommend that you use CVM's file upload feature for deployment to CVM.
    4. Copy the obtained certificate files root_bundle.crt and cloud.tencent.com.crt and the private key file cloud.tencent.com.key from the local directory to the /etc/httpd/ssl directory of the Apache server.
    Note:
    If the /etc/httpd/ssl directory does not exist, run the mkdir /etc/httpd/ssl command to create it.
    5. Log in to the Apache server remotely by using a login tool such as PuTTY.
    Note: For a newly installed Apache server, the conf.d, conf, and conf.modules.d directories are under the /etc/httpd directory by default.
    6. In the httpd.conf configuration file under /etc/httpd/conf, find the Include conf.modules.d/*.conf configuration statement (for loading the SSL configuration directory) and check whether it is commented out. If so, remove the comment symbol (#) from the first line and save the configuration file.
    7. In the 00-ssl.conf configuration file under /etc/httpd/conf.modules.d, find the LoadModule ssl_module modules/mod_ssl.so configuration statement (for loading the SSL module) and check whether it is commented out. If so, remove the comment symbol (#) from the first line and save the configuration file.
    Note: The directory structure varies by OS version. Find files in accordance with the actual OS version.
    If LoadModule ssl_module modules/mod_ssl.so and Include conf.modules.d/*.conf configuration statements cannot be found in the configuration files above, check whether the mod_ssl.so module has been installed, and if not, run the yum install mod_ssl command to install it.
    8. Edit the ssl.conf configuration file in the /etc/httpd/conf.d directory by modifying the following:
    <VirtualHost 0.0.0.0:443>
    DocumentRoot "/var/www/html"
    # Enter the certificate name
    ServerName cloud.tencent.com
    # Enable SSL
    SSLEngine on
    # Path of the certificate file
    SSLCertificateFile /etc/httpd/ssl/cloud.tencent.com.crt
    # Path of the private key file
    SSLCertificateKeyFile /etc/httpd/ssl/cloud.tencent.com.key
    # Path of the certificate chain file
    SSLCertificateChainFile /etc/httpd/ssl/root_bundle.crt
    </VirtualHost>
    9. Restart the Apache server and then you can access it through https://cloud.tencent.com.
    If the security lock icon is displayed in the browser, the certificate has been installed successfully.
    In case of a website access exception, troubleshoot the issue by referring to the following FAQs:

    (Optional) Security configuration for automatic redirect from HTTP to HTTPS

    To redirect HTTP requests to HTTPS, complete the following settings:
    1. Edit the httpd.conf configuration file in the /etc/httpd/conf directory.
    Note:
    The directory structure varies by Apache version. For more information, see Apache Module mod_rewrite.
    The httpd.conf configuration file is located in more than one directory. You can filter them by /etc/httpd/*.
    2. Check whether LoadModule rewrite_module modules/mod_rewrite.so is in it.
    If so, remove the comment symbol (#) in front of LoadModule rewrite_module modules/mod_rewrite.so and proceed to step 4.
    If not, proceed to step 3.
    3. C
    reat
    e a *.conf file such as 00-rewrite.conf in /etc/httpd/conf.modules.d and add the following content to it:
    LoadModule rewrite_module modules/mod_rewrite.so
    4. Ad
    d the follo
    wing to the httpd.conf configuration file:
    <Directory "/var/www/html">
    # Add the following:
    RewriteEngine on
    RewriteCond %{SERVER_PORT} !^443$
    RewriteRule ^(.*)?$ https://%{SERVER_NAME}%{REQUEST_URI} [L,R]
    </Directory>
    5. Restart the Apache server and then you can access it through http://cloud.tencent.com.
    Note: If anything goes wrong during this process, contact us.
    Contact Us

    Contact our sales team or business advisors to help your business.

    Technical Support

    Open a ticket if you're looking for further assistance. Our Ticket is 7x24 avaliable.

    7x24 Phone Support