EV SSL Certificate Installation in Apache

If you have not yet created a Certificate Signing Request (CSR) and ordered your certificate, see
OpenSSL CSR Creation for Apache SSL or try our CSR Generator OpenSSL CSR Creation.

Apache Server EV SSL Certificate Installation

As soon as your EV certificate is approved, it will be sent to the email address you entered during the order process. The certificate files will all be included in a .zip attachment. The EV certificate can also be downloaded from your DigiCert Customer account inside the "EV Certificate Manager" area.

  1. Copy the Certificate files to your server.

    Download your Intermediate (DigiCertCA.crt) and Primary Certificate (your_domain_name.crt) files from your Customer Area, then copy them to the directory on your server where you will keep your certificate and key files. Make them readable by root only.

  2. Find the Apache config file to edit.

    The location and name of this file varies from server to server, especially if you use a special interface to manage your server configuration.

    Apache configuration files are usually found in /etc/httpd. The main configuration file is often named httpd.conf. In some cases the <VirtualHost> blocks will be at the bottom of this httpd.conf file. Sometimes you will find the <VirtualHost> blocks in their own files under a directory like /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.

    Once you open the file in a text editor, find the <VirtualHost> blocks that contain the settings for your website.

  3. Identify the SSL <VirtualHost> block to configure

    If you need your site to be accessible through both secure (https) and non-secure (http) connections, you will need a virtual host for each type of connection. Make a copy of the existing non-secure virtual host and configure it for SSL as described in step 5.

    To set up your site to only be accessible securely, configure the existing virtual host for SSL as described in step 5.

  4. Configure the <VirtualHost> block for the SSL-enabled site.

    Below is a simple example of a virtual host configured for SSL. The bold parts must be added for SSL configuration:

    DocumentRoot /var/www/html2
    ServerName www.yourdomain.com
    SSLEngine on
    SSLCertificateFile /path/to/your_domain_name.crt
    SSLCertificateKeyFile /path/to/your_private.key
    SSLCertificateChainFile /path/to/DigiCertCA.crt


    Adjust the file names to match your certificate files:

    • SSLCertificateFile should be your DigiCert certificate file (eg. your_domain_name.crt).
    • SSLCertificateKeyFile should be the key file generated when you created the CSR.
    • SSLCertificateChainFile should be DigiCertCA.crt
  5. Test your Apache config before restarting.

    It is always best to check your Apache config files for any errors before restarting, because Apache will not start again if your config files have syntax errors. Run the following command (it is apache2ctl on some systems):

    apachectl configtest

    ***Troubleshooting Tip: Internet Explorer 7 also requires that the phishing filter be turned ON in order to turn the address bar green.

  6. Restart Apache.

    You can use apachectl commands to stop and start Apache with SSL support:

    apachectl stop
    apachectl start

    Note: If SSL doesn't work when you restart, try using "apachectl startssl" instead of "apachectl start". If support for SSL only loads with "apachectl startssl" you should change the apache startup configuration to include SSL support using the regular "apachectl start" command so that you don't have to run the "apachectl startssl" in the case of a server reboot. You can usually do this by removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.

  7. Test your SSL site with a browser.

    For best results close your web browser first and re-launch it. Go to your site using its https secure URL. Be sure to test with more than just Internet Explorer because IE can automatically download intermediate certificates but other browsers will give an error if all the certificates aren't installed properly.

    If your site is public, you can also use our Server Certificate Tester which can detect common problems.

    Troubleshooting tips:

    If you receive a "not trusted" warning, view the certificate to see if it is the certificate you expect. Check the Subject, Issuer, and Valid To fields. If the SSL Certificate is issued by DigiCert, then your SSLCertificateChainFile is not correctly configured.

    If you do not see the certificate you expect then you may have another SSL <VirtualHost> block before the one you recently configured. Name based virtual hosts are not possible with https unless you use the same certificate for all virtual hosts (e.g., a Wildcard Certificate, or a Multi-Domain (SAN) Certificate) It is not a limitation of Apache, but of the SSL protocol. Because Apache must send a certificate during the SSL handshake, before it receives the HTTP request which contains the Host header, Apache always sends the SSLCertificateFile from the first <VirtualHost> block that matches the ip and port of the request.

EV SSL Certificates :: Apache

How to install your EV SSL Digital Certificate to your Apache server.