Apache from version 2.4.8.- Certificate installation
After issuing the certificate shall be sent by e-mail. The certificate can also be downloaded in the Control Panel.
The certificate file has the same name as the domain name which it was issued for, for example www_sslcertificaten_nl.crt unless there is a multi-domain certificate; in that case, the filename is a number.
Preparation
To install the certificate it has to be added to the configuration file. Since Apache 2.4.8 there is a new method for which the certificate is combined with the root and intermediate certificates. The latter is not anymore separately put in the configuration. The previously used method works at the time of writing, but it is unclear until when this method will be supported. It is therefore advisable to comply to the new procedure when working with Apache 2.4.8 or later. The method used to combine the certificates in the correct manner and configuring Apache is described below.
Copy the certificate to the directory where the certificates are stored and where the private key is stored in. In the manual to create the CSR using OpenSSL was used for example /etc/ssl/cert/
. The file containing the private key is called in this example www_sslcertificaten_nl.key and file the certificate is called www_sslcertificaten_nl.crt.
Download the root and intermediate certificates. The root and intermediate certificates must be installed on the server so that browsers and other clients will trust the certificate.
The combined file should eventually include all certificates to be used in the following order:
-----BEGIN CERTIFICATE-----
code from your SSL Certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
code from 2nd Intermediate certificate (when required)
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
code Intermediate certificate
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
code Root certificate
-----END CERTIFICATE-----
This file can be created with the cat command:
cat www_sslcertificaten_nl.crt 2nd_intermediate.crt 1st_intermediate.crt root.crt > certificate_bundle.crt
Replace in the example above the bold file names by their own file names.
Certificate installation including Root and intermediate certificates
After combining all these certificates they can be declared together with the private key to be included in the Apache configuration:
- Open the configurationfile, like httpd.conf, with your favorite texteditor.
[root@server /]# nano /etc/httpd/conf.d/httpd.conf
- Navigate to the SSLEngine-part and modify or add the following lines:
SSLCertificateFile /etc/httpd/conf.d/certificaat_bundle.crt
SSLCertificateKeyFile /etc/httpd/conf.d/www_sslcertificaten_nl.key
NoteChange the names and/or paths to the corresponding files, depending on the operationsystem of the server. - Save the modifications and reload Apache:
[root@server /]# apachectl stop
[root@server /]# apachectl start
All requirements have been completed now regarding the installation of the certificate. Make sure that the files are secured and that you maintain a backup in a secured space.
SSLCheck
Our SSLCheck will examine your website's root and intermediate certificates for correctness and report any potential issues