6 Simple steps to Install SSL Certificate

Home > Guides


Regardless of the kind of server you use (Apache HTTP Server, Tomcat or IIS), this simple guide to SSL Certificate installation will give you the overall idea of how the SSL Certificate is issued and installed and will help you in understanding the steps and troubleshoot the problems that you may be facing.



What You need

You need three files to successfully install SSL Certificate on your domain.


 SSLCertificateFile /path/to/examplesite.crt


 SSLCertificateKeyFile /path/to/privatekey.key


 SSLCertificateChainFile /path/to/intermediate.crt


SSLCertificateFile - This should point to your server certificate which you get when you get a certificate issued from SSL provider.


SSLCertificateKeyFile - This should point to your server's private key that you generate using openssl command in Apache


SSLCertificateChainFile - This should point to the intermediate certificate provided by your SSL provider which connect to their ROOT CA.


Step 1. Create a CSR (Certificate Signing Request) using openSSL in Apache

  • In order to receive SSLCertificateFile (also known as the public key) from your SSL provider, you need to generate something called a CSR from your server. You generate that by running a simple command on your server.

  • This step will create a Public Key (CSR) and a corresponding Private key. This Request file is created using one simple openssl command on your Apache server, and the command created this request file and a private key. 

  • The CSR file that gets generated is Base64 encoded which looks like this


Navigate to the folder in which you wish to keep the SSL files and run this command.

openssl req -out CSR.csr -new -newkey rsa:2048 -nodes -keyout privateKey.key


  • This command will generate two files

    • CSR.csr - The CSR file used to get the Certificate from your SSL provider

    • privateKey.key - The private key corresponding to your public key which is kept on your Server.

  • Each of these files should be viewable in a texteditor like notepad. Open the two files in a texteditor and make sure there are no empty spaces and the files have the following headers.






Open the Private key in text editor and make sure it is not Encrypted or else the apache would not be able to read the private ke







Step 2. Get the SSLCertificate file

  • Copy the CSR contents and provide them to your SSL provider. They will send you an SSLCertificate (again a base64 encoded text) through email/their dashboard. 

  • If you are copying the SSLCertificate from your SSL providers dashboard, look for an option to copy the Certificate in PEM format.

  • Save the contents of the SSLCertificate file  in a text editor as .crt

  • Now you have the second file that is needed to set up your SSL Installation.


The SSLCertificate headers look like this






Step 3. Get the Intermediate Certificate in TXT

Based on your type of SSL Certificate (OV, DomainSSL etc), you will have an intermediate certificate file provided for your type of SSL by your SSL provider.


For example, this is the file provided by GlobalSign for DomainSSL



Copy the Base64 Encoded text and save it as intermediate.crt.


If you open this file in a text editor, it should open well in Base64 format.

Step 4. Bind the Files in Apache


  • Now you give the path to your apache ssl.conf file to look for the three files.

  • Depending on your Apache/Tomcat distribution and your OS, your SSL configuration settings could be a standalone file in the /var/httpd/ssl.conf or it may be a part of your apache config file itself.


<VirtualHost xxx.xxx.x.x:443>


DocumentRoot /var/www/examplesite

ServerName example.com or www.example.com

SSLEngine on


SSLCertificateFile /path/to/sslcertificate.crt

SSLCertificateKeyFile /path/to/privateKey.key

SSLCertificateChainFile /path/to/intermediate.crt




Step 5. Give access to your root system

  • You have new files created and these files may have the wrong ownership and access. Make sure your root system is the owner and can access these files without any denial of permissions.


sudo chown root /path/to/sslcertificate.crt

sudo chown root /path/to/privateKey.key

sudo chown root intermediate.crt

Step 6. Restart your Server


  • If you have gone through all the steps correctly, you shouldn’t face any issues once you restart your apache server.

  • Once you restart successfully, head to your website and give it some time. In a matter of few minutes, you should see your new certificate installed on your server perfectly.

Comment Form is loading comments...

Table of contents