SSLEngine, SSLCertificateKeyFile, SSLCertificateFile

These directives are commonly used in Apache HTTP Server configuration files (httpd.conf or .htaccess) to enable SSL/TLS encryption and specify the SSL certificate details. Here's what each directive does:

1. SSLEngine

The SSLEngine directive is used to enable SSL/TLS encryption for a particular virtual host or directory context in Apache. It has two possible values:

  • On: Enables SSL/TLS encryption.

  • Off: Disables SSL/TLS encryption (default).

Example:

SSLEngine on

2. SSLCertificateKeyFile

The SSLCertificateKeyFile directive specifies the path to the private key file associated with the SSL certificate. This file should contain the private key that matches the public key in the SSL certificate file.

Example:

SSLCertificateKeyFile /etc/ssl/private/server.key

3. SSLCertificateFile

The SSLCertificateFile directive specifies the path to the SSL certificate file. This file contains the public key certificate that the server sends to clients during the SSL/TLS handshake.

Example:

SSLCertificateFile /etc/ssl/certs/server.crt

Usage

  • Enabling SSL/TLS: Use SSLEngine on to enable SSL/TLS encryption.

  • Private Key: Specify the path to the private key file using SSLCertificateKeyFile.

  • Public Key Certificate: Specify the path to the SSL certificate file using SSLCertificateFile.

Notes

  • Security: Ensure that the private key file (SSLCertificateKeyFile) is stored securely and has proper permissions (e.g., only readable by the Apache user).

  • Certificate Format: Both SSLCertificateKeyFile and SSLCertificateFile expect PEM-encoded files by default. Ensure your certificate and key files are in this format.

  • Intermediate Certificates: If your SSL certificate requires intermediate certificates (chain certificates), you may need additional directives (SSLCertificateChainFile or SSLCertificateFile with full chain) to include them in the SSL handshake.

These directives are crucial for configuring SSL/TLS encryption in Apache, ensuring secure communication between clients and your web server. Adjustments to these settings may be necessary based on your server setup and the SSL certificate provider's requirements.

PreviousSSLCACertificateFile, SSLCACertificatePathNextSSLProtocol, SSLCipherSuite, ServerTokens, ServerSignature, TraceEnable

Last updated