In our previous article we saw how to enable an SSL certificate on an Apache web server that was installed directly.
In this article we will see how to install the SSL certificate on a source-installed Apache web server.
In the source installation, the SSL module and its attributes were built in by passing --enable-ssl to the configure command. To learn more about installing Apache from source, visit Apache Webserver – Installation from source (tar.gz and tar.bz2).
Configuring SSL:
The SSL configuration file is /usr/local/apache-2.4.37/conf/extra/httpd-ssl.conf, which is where you specify your certificate path.
jhony@ljunix~$ ls /usr/local/apache-2.4.37/conf/certs/
ljunix.crt ljunix.csr ljunix.key
Your httpd-ssl.conf holds the server name, the location of the certificate and key, the TLS versions your web server supports, and so on.
# General setup for the virtual host
DocumentRoot "/usr/local/apache-2.4.37/htdocs"
ServerName www.ljunix.com:443
ServerAdmin admin@ljunix.com
ErrorLog "/usr/local/apache-2.4.37/logs/error_log"
TransferLog "/usr/local/apache-2.4.37/logs/access_log"

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. Keep
# in mind that if you have both an RSA and a DSA certificate you
# can configure both in parallel (to also allow the use of DSA
# ciphers, etc.)
# Some ECC cipher suites (http://www.ietf.org/rfc/rfc4492.txt)
# require an ECC certificate which can also be configured in
# parallel.
SSLCertificateFile "/usr/local/apache-2.4.37/conf/certs/ljunix.crt"

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
# ECC keys, when in use, can also be configured in parallel
SSLCertificateKeyFile "/usr/local/apache-2.4.37/conf/certs/ljunix.key"
Including the ssl conf:
You have to manually update httpd.conf to include the httpd-ssl.conf file and to enable the SSL modules.
jhony@ljunix~$ vi /usr/local/apache-2.4.37/conf/httpd.conf
Uncomment the LoadModule declaration for ssl_module, so that the first line below becomes the second.
#LoadModule ssl_module modules/mod_ssl.so
LoadModule ssl_module modules/mod_ssl.so
Uncomment the Include line below, which pulls in the httpd-ssl.conf where you have specified your SSL certificate. The first pair of lines shows it before the change, the second pair after.
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
# Secure (SSL/TLS) connections
Include conf/extra/httpd-ssl.conf
In addition, we need to enable the socache module. Uncomment the LoadModule declaration for socache_shmcb_module in the same way.
#LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
Check the syntax of your Apache configuration using the -t option of apachectl.
jhony@ljunix~$ /usr/local/apache-2.4.37/bin/apachectl -t
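A line that is still commented out is only a comment to apachectl -t, so the syntax check cannot tell you that the Include for httpd-ssl.conf was never enabled. The script below is an added example, not part of the original article: it checks that the three httpd.conf lines from the steps above are active and that the private key is not readable by group or others. The function names and the sample files it builds are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and the sample files are constructed.

# is_active FILE REGEX: succeeds if an uncommented line matches REGEX.
is_active() {
    grep -Eq "^[[:space:]]*$2[[:space:]]*\$" "$1"
}

# check_ssl_enabled HTTPD_CONF: report each of the three lines that is
# still commented out or missing. Returns 0 only if all are active.
check_ssl_enabled() {
    rc=0
    is_active "$1" 'LoadModule[[:space:]]+ssl_module[[:space:]]+modules/mod_ssl\.so' ||
        { echo "ssl_module not loaded"; rc=1; }
    is_active "$1" 'LoadModule[[:space:]]+socache_shmcb_module[[:space:]]+modules/mod_socache_shmcb\.so' ||
        { echo "socache_shmcb_module not loaded"; rc=1; }
    is_active "$1" 'Include[[:space:]]+"?conf/extra/httpd-ssl\.conf"?' ||
        { echo "httpd-ssl.conf not included"; rc=1; }
    return "$rc"
}

# key_is_private KEYFILE: succeeds if group and others have no access.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Demo on a constructed httpd.conf where the Include is still commented.
demo_dir=$(mktemp -d)
cat > "$demo_dir/httpd.conf" <<'EOF'
LoadModule socache_shmcb_module modules/mod_socache_shmcb.so
LoadModule ssl_module modules/mod_ssl.so
# Secure (SSL/TLS) connections
#Include conf/extra/httpd-ssl.conf
EOF
: > "$demo_dir/ljunix.key"
chmod 644 "$demo_dir/ljunix.key"

if ! check_ssl_enabled "$demo_dir/httpd.conf"; then
    echo "httpd.conf is not ready for HTTPS"
fi
if ! key_is_private "$demo_dir/ljunix.key"; then
    echo "private key is readable by group or others; chmod 600 it"
fi
rm -rf "$demo_dir"
```

On the real server, call the two functions with /usr/local/apache-2.4.37/conf/httpd.conf and /usr/local/apache-2.4.37/conf/certs/ljunix.key.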
Restart the Apache Server:
Restart your Apache server for the changes to take effect.
jhony@ljunix~$ /usr/local/apache-2.4.37/bin/apachectl graceful
Feel free to ask if you have any questions.