In Apache HTTP and Security Last updated:
Share on:
Cloudways offers managed cloud hosting for any size business to host a website or complex web applications.

Let’s secure Apache with an SSL/TLS certificate.

Once the certificate is implemented, the configured domain/IP will be accessible over HTTPS.

Let’s get it started.

On a high level, we will do the following.

  • Compile Apache HTTP 2.4.5 with SSL module
  • Get SSL Certificate
  • Configure Apache to support SSL

Install Apache with SSL from Source

To configure SSL, Apache HTTP must be compiled with mod_ssl. I’ll use CentOS 7 VM from Digital Ocean to demonstrate this.

  • Login to Linux server with root and download the latest version of Apache
wget .

Note: you can check here for the latest version.

  • Extract by gunzip command
gunzip -c httpd-2.4.25.tar.gz | tar xvf -
  • You will have a new folder “httpd-2.4.25
  • Go inside and execute the following configure command
./configure --enable-ssl –-enable-so

Note: If you are doing this on a brand new server, then you may experience issues related to APR, PCRE, and OpenSSL, and you may refer the troubleshooting guide.

Ensure you don’t get any error from the above configure command, and next you got to install with make commands.

make install

As usual, ensure no errors from the above commands. This concludes you have installed an Apache web server with SSL support.

Getting an SSL Certificate

There are multiple ways to generate and get the SSL cert signed by the certificate authority.

If you are looking to implement SSL in the Intranet web server, then most of the organization has an internal certificate issuer team, so you got to check with them. But you still need to generate a CSR (Certificate Signing Request), and you can do it using OpenSSL.

However, if you are looking to secure an Internet-facing URL then either you can buy a certificate from VeriSign, GoDaddy, Namecheap, ZeroSSL, etc., or get a FREE cert from Let’s Encrypt.

Let’s Encrypt is a Linux Foundation Collaboration Project who offers a FREE SSL/TLS certificate. I will use Let’s Encrypt to get one certificate for my domain –

There are multiple ways to generate CSR, but the easiest one I found is using the “SSL For FREE” online tool.

Enter the URL that you want to secure

Verify the domain ownership by one of the listed methods and download your domain certificate files.

You will get three files that we will use next to configure the Apache webserver.

  1. key – this is your key file and shouldn’t be shared with anyone publicly
  2. Certificate – actual SSL certificate for your domain
  3. Ca_bundle – Signer root/intermediate certificate

Transfer the downloaded file to the Web Server. We will need them shortly.

Apache SSL Configuration

And a final step would be to configure Apache so it can serve the request over HTTPS.

  • Log in to the Apache webserver
  • Take a backup of httpd.conf file (default location /usr/local/apache2/conf/)
  • Open the file with the vi editor and ensure mod_ssl module & httpd-ssl.conf exists and not commented
LoadModule ssl_module modules/ 
Include conf/extra/httpd-ssl.conf

We will use httpd-ssl.conf file to configure the certificate details. There are the following you need to ensure it exists the right parameters.

  1. SSLCertificateFile – Certificate CRT file path which you downloaded earlier
  2. SSLCertificateKeyFile –  private.a key file path
  3. SSLCertificateChainFile – ca_bundle.crt file path

Tip: you may want to create a new folder called “ssl” and keep all the certificate-related files in this.

  • Take a backup if needed and use the vi editor to modify the file.
SSLCertificateFile "/usr/local/apache2/conf/ssl/certificate.crt"
SSLCertificateChainFile "/usr/local/apache2/conf/ssl/ca_bundle.crt"
SSLCertificateKeyFile "/usr/local/apache2/conf/ssl/private.key"

Next, you need to configure the “ServerName” directive. Usually, it’s your domain/URL name

  • Save the file and restart the Apache Webserver
cd /usr/local/apache2/bin 
./apachectl stop 
./apachectl start

And finally, you got to ensure your domain is mapped to the newly configured web server IP. Once done, try to access your domain with HTTPS.

And as you can see, is accessible over https with the certificate I configured.

The above steps are essential for setting up an SSL certificate, and you must tweak the SSL further to harden and secure which I explained here. Before go-live, you may also want to test your web server SSL/TLS to ensure it’s not exposed to common security vulnerabilities.

I hope this gives you an idea of how to implement an SSL certificate on your Apache Web server, so URL is accessible over HTTPS.

Share on:
  • Chandan Kumar
    Chandan Kumar is a seasoned technology enthusiast and entrepreneur passionate about empowering businesses and individuals globally. As the founder of Geekflare, a leading technology publication, Chandan has spearheaded the development…

Thanks to our Sponsors

More great readings on Apache HTTP

Power Your Business

Some of the tools and services to help your business grow.
  • The text-to-speech tool that uses AI to generate realistic human-like voices.

    Try Murf AI
  • Web scraping, residential proxy, proxy manager, web unlocker, search engine crawler, and all you need to collect web data.

    Try Brightdata
  • is an all-in-one work OS to help you manage projects, tasks, work, sales, CRM, operations, workflows, and more.

    Try Monday
  • Intruder is an online vulnerability scanner that finds cyber security weaknesses in your infrastructure, to avoid costly data breaches.

    Try Intruder