identification.com®
Back to Guides
Intermediate Guide

SSL Certificate Installation Guide

Step-by-step instructions for installing SSL certificates on popular web servers

Before You Begin

Prerequisites

  • Root or administrator access to your web server
  • SSL certificate files from your Certificate Authority (CA)
  • Private key file (generated during CSR creation)
  • Intermediate certificate bundle (if provided)

Understanding Certificate Files

After purchasing an SSL certificate, you'll receive several files:

  • Certificate file: Usually named your_domain.crt or certificate.crt
  • Private key: Generated during CSR creation (private.key)
  • Intermediate certificates: CA bundle or chain certificates1
  • Root certificate: Sometimes included, often pre-installed

Apache Installation

Step 1: Upload Certificate Files

Upload your certificate files to your server. Common locations:

/etc/ssl/certs/ # For certificate files

/etc/ssl/private/ # For private key

Step 2: Configure Apache Virtual Host

Edit your SSL virtual host configuration with modern SSL settings2:

<VirtualHost *:443>
    ServerName www.yourdomain.com
    DocumentRoot /var/www/html
    
    SSLEngine on
    SSLCertificateFile /etc/ssl/certs/your_domain.crt
    SSLCertificateKeyFile /etc/ssl/private/private.key
    SSLCertificateChainFile /etc/ssl/certs/intermediate.crt
    
    # Modern SSL Configuration
    SSLProtocol -all +TLSv1.2 +TLSv1.3
    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256
    SSLHonorCipherOrder on
</VirtualHost>

Step 3: Enable SSL Module and Site

sudo a2enmod ssl

sudo a2ensite your-ssl-site.conf

sudo systemctl restart apache2

Step 4: Test Configuration

sudo apache2ctl configtest

Nginx Installation

Step 1: Combine Certificate Files

Nginx requires the certificate and intermediate certificates in one file:

cat your_domain.crt intermediate.crt > bundle.crt

Step 2: Configure Nginx Server Block

Edit your Nginx configuration:

server {
    listen 443 ssl http2;
    server_name www.yourdomain.com;
    
    ssl_certificate /etc/ssl/certs/bundle.crt;
    ssl_certificate_key /etc/ssl/private/private.key;
    
    # Modern SSL Configuration
    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256;
    ssl_prefer_server_ciphers off;
    
    # HSTS
    add_header Strict-Transport-Security "max-age=63072000" always;
    
    location / {
        root /var/www/html;
        index index.html;
    }
}

Step 3: Test and Reload

sudo nginx -t

sudo systemctl reload nginx

IIS (Windows) Installation

Step 1: Import Certificate

  1. Open IIS Manager
  2. Click on the server name in the left panel
  3. Double-click "Server Certificates"
  4. Click "Import..." in the Actions panel
  5. Browse to your .pfx file3 and enter the password

Step 2: Bind Certificate to Website

  1. Select your website in IIS Manager
  2. Click "Bindings..." in the Actions panel
  3. Click "Add..." and select:
    • Type: https
    • Port: 443
    • SSL certificate: Select your imported certificate
  4. Click OK to save

Troubleshooting Common Issues

Certificate Chain Issues

If browsers show "certificate not trusted", ensure all intermediate certificates are installed. The certificate chain must be complete from your certificate to a trusted root.

Private Key Mismatch

Verify your certificate matches your private key:

openssl x509 -noout -modulus -in certificate.crt | openssl md5

openssl rsa -noout -modulus -in private.key | openssl md5

Mixed Content Warnings

After installation, ensure all resources (images, scripts, styles) are loaded over HTTPS. Update any hardcoded HTTP URLs to HTTPS or use protocol-relative URLs (//example.com).

Post-Installation Steps

Test Your Installation

Use online SSL checkers or our SSL Checker tool to verify proper installation.

Configure HTTP to HTTPS Redirect

Ensure all HTTP traffic redirects to HTTPS automatically.

Enable HSTS

Add HTTP Strict Transport Security headers for enhanced security.

Set Up Renewal Reminders

SSL certificates expire. Set calendar reminders 30 days before expiration.

Need Installation Help?

Our security experts can help with SSL installation, configuration, and ongoing management.

Get Expert HelpSSL Best Practices →

Sources & References

  1. 1 SSL Certificate Chain Explanation - SSL.com:https://www.ssl.com/faqs/what-is-a-certificate-chain/(Accessed: July 15, 2025)
  2. 2 Mozilla SSL Configuration Generator:https://ssl-config.mozilla.org/(Accessed: July 15, 2025)
  3. 3 IIS SSL Certificate Installation - Microsoft Documentation:https://docs.microsoft.com/en-us/iis/manage/configuring-security/how-to-set-up-ssl-on-iis(Accessed: July 15, 2025)