Apache 1.3 - Certificate installation
Immediately after being issued, your SSL certificate will be sent to you by email. It is also possible to download the certificate from the Control Panel. The file containing the certificate will have the same name as the domain name it is meant for (for example: www_sslcertificaten_nl.crt).
Preparation
Copy the certificate to the folder in which the certificates are save, and where the private key is stored. In the manual for creating the CSR through OpenSSL /etc/ssl/cert/
is used. The file with the private key in this example is named www_sslcertificaten_nl.key , the file with the certificate is named www_sslcertificaten_nl.crt .
For the installation of the certificate, it must be declared in a configuration file. The same goes for the root- en intermediate certificates. The root- and intermediate certificates can be installed both together (by using a so-called bundle-file) as well as separately. Both methods are explained below.
Installation of certificates with a bundle file
The root en intermediate certificates must be installed on the server so that browsers and other clients will trust the certificate. These files are bundled in a so called bundle file for certificates from Comodo, Thawte, VeriSign and GeoTrust; this file can be downloaded from our site. Save this file to the same folder as the httpd.conf is stored in (for example /etc/httpd/
, although it is dependent on the distribution that was used).
- Open the httpd.conf file in a text editor:
[root@server /]# nano /etc/httpd/httpd.conf
- Scroll to the VirtualHost-part and add the following line:
SSLCACertificateFile /etc/httpd/bundle.crt
Note: replace bundle.crt with the actual name of the save bundle file. - Then scroll to the SSL-part and either change or add the following lines:
SSLCertificateFile /etc/ssl/cert/www_sslcertificaten_nl.crt
SSLCertificateKeyFile /etc/ssl/cert/www_sslcertificaten_nl.key
SSLCACertificateFile /etc/httpd/bundle.crt
Note: where necessary, change the file name and/or path to the certificate, the private key and the ca-bundle file respectively, depending on the distribution or server. - Save the changes and restart Apache:
[root@server /]# apachectl stop
[root@server /]# apachectl start
Installation of separate certificates
It is also possible to install separate root- and intermediate certificates. These files are automatically sent along with the regular certificate, but can als be downloaded. To install them:
- Save the file in the same folder as where httpd.conf is saved (usually
/etc/httpd/
). - Open httpd.conf with a text editor:
- Scroll to the Virtual Host part and add the following lines:
SSLCertificateFile /etc/ssl/cert/www_sslcertificaten_nl.crt
SSLCertificateKeyFile /etc/ssl/cert/www_sslcertificaten_nl.key
SSLCertificateChainFile /etc/httpd/conf/naam_rootcertificaatbestand.crt
SSLCertificateChainFile /etc/httpd/conf/naam_intermediatecertificaatbestand.crt
Note: where necessary, change the paths and names to the certificate, the root- and intermediate certificates and the private key. - Save the changes and restart Apache:
[root@server /]# apachectl stop
[root@server /]# apachectl start
All necessary steps to install your web server certificate have now been completed. Please make sure to adequately secure your certificate files, and to store a backup of your private key and web server certificate in a safe location. You should also install the root and intermediate certificates. Check whether the certificate is correctly installed with the SSLCheck and ensure an optimal configuration with these tips and settings.
Please do not hesitate to contact us if you encounter problems or error messages.
SSLCheck
Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues