# Apache 2.x Certificate Deployment **Step 1: Obtain server certificate and save to the same directory** After the certificate is approved, you can directly download the certificate from the console. The content format of the certificate file is as follows. Save the first code as a crt format file (text format) such as domain.crt, and paste the second and third paragraphs into a text and save a crt format file such as CA.crt. ``` -----BEGIN CERTIFICATE----- MIIDDTCCAfUCAQAwgZQxCzAJBgNVBAYTAkNOMRIwEAYDVQQIDAnkuIrmtbfluIIx EjAQBgNVBAcMCeS4iua1t+W4gjEtMCsGA1UECgwk5LiK5rW35Z+f6IGU6L2v5Lu2 5oqA5pyv5pyJ6ZmQ5YWs5Y+4MRIwEAYDVQQLDAnmioDmnK/pg6gxGjAYBgNVBAMT EXd3dy50cnVzdGFzaWEuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC AQEAyr8u1KAV2ZZ7UmnFgssNV/iyGoNsBsRCI8ZtDneM8gDM1EoteG0nMitPxuPZ Vwfar9TTYGmJ8PTP3G80aM+hC1oQQbs3iOVWIus/R/AXCtTNQ8CpMDvXjLLMjV5X KbZotyVL1KpoEw8nyWwtoiDXPJe3OyFYZ7HHx1qBPWvHogwQgn4UhPH/k3/e1GYc lErZnWq2h2vVDB6sk01X1GuRTXYWozeB7dXYrCcU++umo4Q+pbGw8aWkhZ4WxuWg vssYC2bHbrv7HiBzBq/E/v8= -----END CERTIFICATE----- ``` Finally, save the three files: domain.crt, CA.crt, and domain.key (the private key generated when applying for the certificate, saved as domain.key) to the same directory, such as /usr/local/apache/conf. **Step 2: Update httpd.conf Configuration File** 1. Open the conf/httpd.conf file in the Apache root directory with a text editor and find ``` #LoadModule ssl_module modules/mod_ssl.so ``` and ``` #Include conf/extra/httpd-ssl.conf ``` Remove the \# at the beginning 2. Open the conf/extra/httpd-ssl.conf file in the Apache root directory with a text editor and modify the following content: DocumentRoot "/var/www/html" ServerName www.trustasia.com SSLEngine on SSLCertificateFile /usr/local/apache/conf/domain.crt SSLCertificateKeyFile /usr/local/apache/conf/domain.key SSLCertificateChainFile /usr/local/apache/conf/CA.crt Here are explanations for configuration file parameters: SSLEngine on Enable SSL functions ----- SSLCertificateFile Certificate file domain.crt ----- SSLCertificateKeyFile Private key file domain.key ----- SSLCertificateChainFile Certificate chain file CA.crt After configuring according to the above steps, restart Apache and you can access via https:// * .* If you have any questions or doubts, please contact us directly, thank you.