This document describes how to install an SSL certificate on an Apache server.
Note
The certificate name cloud.tencent.com is used as an example.
The Apache version used as an example is Apache/2.4.6. The default port is 80. You can download it from the Apache official website. If you need to use other versions, please contact us.
The current server OS is CentOS 7. Detailed steps vary slightly with the OS version.
Before installing an SSL certificate, enable port 443 on the Apache server to ensure that HTTPS can be enabled after the certificate is installed. For more information, see How Do I Enable Port 443 for a VM?.
For detailed directions on how to upload SSL certificate files to a server, see Copying Local Files to CVMs.
Preparations
A remote file copy tool, such as WinSCP, has been prepared (it is recommended to download the latest version from the official website). If you are deploying to a Tencent Cloud server, it is recommended to use the server's file upload feature. For more information, see Uploading Files to the Cloud Server.
Install the remote login tool such as PuTTY or Xshell.
The Apache service has been installed and configured on the current server.
The data required to install the SSL certificate includes:
Name
Note
Server IP address
The server IP address, which is used to connect the PC to the server.
Username
The username used to log in to the server.
Password
The password used to log in to the server.
Note
For a CVM instance purchased on the Tencent Cloud official website, log in to the CVM console to get the server IP address, username, and password.
2. In the "Certificate Download" window that appears, select Apache for the server type, click Download and decompress the cloud.tencent.com certificate file package to a local directory. After decompression, you can obtain the relevant type of certificate files. This includes the cloud.tencent.com_apache folder:
Folder Name: cloud.tencent.com_apache
Folder content:
root_bundle.crt: Certificate file
cloud.tencent.com.crt: Certificate file
cloud.tencent.com.key: Private key file
CSR file content: cloud.tencent.com.csr file
Note
The CSR file, either uploaded by you or generated online by the system during the certificate application, is provided to the CA. This file can be disregarded during installation.
3. Log in to the Apache server using "WinSCP", a tool for copying files between local and remote computers.
We recommend using the file upload feature of the Cloud Virtual Machine (CVM) for deployment to Tencent Cloud CVM. For more details, please refer to Uploading Files to CVM.
4. Copy the obtained certificate file root_bundle.crt, the certificate file cloud.tencent.com.crt, and the private key file cloud.tencent.com.key from the local directory to the /etc/httpd/ssl directory on the Apache server.
Note
If there is no /etc/httpd/ssl directory, you can create it using the mkdir /etc/httpd/ssl command line.
5. Log in to the Apache server remotely. For instance, using the "PuTTY" tool.
Note
For a first-time Apache server installation, directories such as conf.d, conf, and conf.modules.d are located by default in the /etc/httpd directory.
6. Locate the configuration statement Include conf.modules.d/*.conf (used to load the SSL configuration directory) in the httpd.conf configuration file in the /etc/httpd/conf directory, and ensure that this configuration statement is not commented out. If it is commented out, remove the comment symbol (#) at the beginning of the line and save the configuration file.
7. Locate the configuration statement LoadModule ssl_module modules/mod_ssl.so (used to load the SSL module) in the 00-ssl.conf configuration file in the /etc/httpd/conf.modules.d directory. Ensure that this configuration statement is not commented out. If it is, remove the comment symbol (#) at the beginning of the line and save the configuration file.
Note
Given the variations in operating system versions, directory structures also differ. Please search according to your actual OS version. If you cannot find the configuration statements LoadModule ssl_module modules/mod_ssl.so and Include conf.modules.d/*.conf in the above configuration files, please verify if the mod_ssl.so module has been installed. If the mod_ssl.so module is not installed, you can install it by executing the yum install mod_ssl command.
8. Edit the ssl.conf configuration file in the /etc/httpd/conf.d directory. Make the following changes: