Purpose: SSL/TLS certificate installation guide
For Apache Server (on Linux)
Need help generating a Certificate Signing Request (CSR) with this server?
If you are an ECS Enterprise account user, you may use the ACME Services for Entrust tool to auto-create the CSR. Otherwise, please use our Open SSL CSR command builder.
After you have obtained the command to use to create the CSR from the command builder, open your terminal and paste the command. A CSR and private key will be created.
Steps to install SSL Certificate on Linux Apache Web Server.
Skip to steps
Before you begin...
- Make sure you back up your Apache configuration files before making any changes. If you are replacing an existing certificate, do not delete the existing certificate or private key files in case you need to revert your previous configuration.
- Never share private keys files.
- If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
- It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
- Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
- For more information on SSL/TLS Best Practices, click here.
- You must be able to sudo as root or have root access to the server in order to perform the commands below. Not being able to do so or having such access will lead to a permissions denied error. In this article, we will use the sudo command. If you are able to log in as root, disregard the "sudo" portion of the commands listed in this article.
- You must have ssl turned on for your Apache server and you must have the site for which you are going to be installing the certificate enabled.
1) Copy the certificate files to your server
2) Configure the Apache server to point to certificate files
3) Test the configuration was successful
4) Restart the Apache server
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that contains the following files:
- ServerCertificate.crt: Your signed SSL/TLS certificate
- ChainBundle2.crt: The Entrust Certificate chain files
2. Once the files have been extracted from the zip file, copy the files into a directory where you will store your certificate files on your server. Make sure you include your private key file that was generated when your created your CSR, as this will be required to configure SSL/TLS on your Apache server.
Part 2 of 4: Configure Apache server to point to certificate files
1. Open your Apache server configuration file and locate the virtual host entry for the website that will use the certificate. The location of the configuration file may vary depending on the Apache distribution and server Operating System. Look for the following directories and files on your server:
2. In the "Virtual Host" section, add the directives shown in bold below if they are not already included in the configuration file. If these directives are already included, simply modify the file so that each directive is pointing to the new server certificate, certificate chain, and private key files.
SSLCertificate file is your Server Certificate file (ServerCertificate.crt)
SSLCertificateChainFile is the Chain bundle file (ChainBundle2.crt)
SSLCertificateKeyFile is your server’s private key that was generated previously
Part 3 of 4: Test the configuration was successful
Test your Apache config with the following command:
sudo apachectl configtest
Part 4 of 4: Restart the Apache server
Restart your Apache server by running the following command:
sudo apachectl restart
Your SSL/TLS Certificate should now be installed. If you have any questions or concerns please contact the Entrust Certificate Services support department for further assistance.
Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET
North America (toll free): 1-866-267-9297
Outside North America: 1-613-270-2680 (or see the list below)
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
|Australia||0011 - 800-3687-7863|
|Austria||00 - 800-3687-7863|
|Belgium||00 - 800-3687-7863|
|Denmark||00 - 800-3687-7863|
|Finland||990 - 800-3687-7863 (Telecom Finland)|
00 - 800-3687-7863 (Finnet)
|France||00 - 800-3687-7863|
|Germany||00 - 800-3687-7863|
|Hong Kong||001 - 800-3687-7863 (Voice)|
002 - 800-3687-7863 (Fax)
|Ireland||00 - 800-3687-7863|
|Israel||014 - 800-3687-7863|
|Italy||00 - 800-3687-7863|
|Japan||001 - 800-3687-7863 (KDD)|
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
|Korea||001 - 800-3687-7863 (Korea Telecom)|
002 - 800-3687-7863 (Dacom)
|Malaysia||00 - 800-3687-7863|
|Netherlands||00 - 800-3687-7863|
|New Zealand||00 - 800-3687-7863|
|Norway||00 - 800-3687-7863|
|Singapore||001 - 800-3687-7863|
|Spain||00 - 800-3687-7863|
|Sweden||00 - 800-3687-7863 (Telia)|
00 - 800-3687-7863 (Tele2)
|Switzerland||00 - 800-3687-7863|
|Taiwan||00 - 800-3687-7863|
|United Kingdom||00 - 800-3687-7863|
0800 121 6078
+44 (0) 118 953 3088