To install the Geotrust SSL Certificate onto Apache, please follow these steps:
Step 1: Download the Geotrust intermediate CA Certificates
To download the Geotrust intermediate CA Certificates, refer to article AR1421.
Save the intermediate certificate file into a directory, for example /usr/local/ssl/crt/intermediate.crt. Note the path and filename where the certificate file was saved, as it will need to be referenced when updating the Apache configuration file.
Step 2: Download the SSL Certificate
Your SSL certificate will be sent embedded in the body of the email. Copy the code, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, and paste it into a text editor like Notepad or Vi. Do not use Microsoft Word or other word processing programs that may add characters or additional spacing. Confirm that there are no extra lines or spaces in the file.
1. After pasting the certificate code in a text editor, save the file with a .crt extension. For example: cert.crt
2. Save the certificate file into a directory, for example /usr/local/ssl/crt/cert.crt. Note the path and filename where the certificate file was saved, as it will need to be referenced when updating the Apache configuration file.
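One way to carry out the Step 2 check for extra lines, spaces and stray characters, as an added example that is not part of the original article. The function name check_pem_paste is hypothetical, the sample body is constructed placeholder base64 rather than a real certificate, and the check is deliberately strict about whitespace:

```shell
#!/bin/sh
# Added example (not from the original article): strict text check for a
# certificate pasted from e-mail into cert.crt, as Step 2 asks.
# Prints each problem with its line number; returns 0 if clean, 1 otherwise.
check_pem_paste() {
    [ -r "$1" ] || { echo "cannot read: $1"; return 1; }
    LC_ALL=C awk '
        function bad(n, msg) { printf "line %d: %s\n", n, msg; errs++ }
        $0 == "-----BEGIN CERTIFICATE-----" {
            begins++
            if (NR != 1) bad(NR, "BEGIN marker is not on the first line")
            next
        }
        $0 == "-----END CERTIFICATE-----" { ends++; endline = NR; next }
        /^$/               { bad(NR, "blank line"); next }
        /[ \t\r]/          { bad(NR, "space, tab or carriage return"); next }
        /[^A-Za-z0-9+\/=]/ { bad(NR, "character outside the base64 alphabet"); next }
        { body++ }
        END {
            if (begins != 1) bad(NR, "expected one BEGIN marker, found " (begins + 0))
            if (ends != 1)   bad(NR, "expected one END marker, found " (ends + 0))
            else if (endline != NR) bad(endline, "text after the END marker")
            if (body == 0)   bad(NR, "no base64 body between the markers")
            exit (errs > 0)
        }
    ' "$1"
}

# Constructed sample: placeholder base64 (not a real certificate) with a
# trailing space on one line and an extra blank line, as a bad paste would have.
sample=$(mktemp)
printf '%s\n' \
    '-----BEGIN CERTIFICATE-----' \
    'Q29uc3RydWN0ZWRTYW1wbGVCb2R5 ' \
    '' \
    'Tm90QVJlYWxDZXJ0aWZpY2F0ZQ==' \
    '-----END CERTIFICATE-----' > "$sample"
check_pem_paste "$sample" || echo "fix the file before pointing SSLCertificateFile at it"
rm -f "$sample"
```

A file that passes can then be parsed with `openssl x509 -in cert.crt -noout -subject -dates`, which confirms that the base64 actually decodes to a certificate.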
Step 3: Configure the Server
In order to use the key pair, the configuration file will need to be updated. To update the file:
1. Open the configuration file and find the Virtual Host settings.
2. Verify that you have the following 3 directives within this Virtual Host and add them if they are not present. For example:
SSLCertificateFile /usr/local/ssl/crt/public.crt
SSLCertificateKeyFile /usr/local/ssl/private/private.key
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
If you are using a different location and different certificate file names than in the example above (which you most likely are), you will need to change the path and filename to reflect your server.
Note: Some instances of Apache contain both an httpd.conf and an ssl.conf file. Please enter or amend the above directives in either the httpd.conf or the ssl.conf. Do not enter them in both, as there will be a conflict and Apache may not start.
The VirtualHosts should be configured as follows:
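<VirtualHost [IP ADDRESS]:443>
    ServerAdmin admin@domain.com
    DocumentRoot /www/home
    ServerName www.domain.com
    ErrorLog /www/home/logs/error_log
    SSLEngine on
    # "all" enables every protocol version this mod_ssl build supports, including legacy ones.
    # Narrow it (for example "SSLProtocol all -SSLv3") if older clients do not need them.
    SSLProtocol all
    # Server certificate, its private key, and the Geotrust intermediate chain
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
    ServerPath /home
    <Directory "/www/home">
    </Directory>
</VirtualHost>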
3. Save your config file and restart Apache. You can most likely do so by using the apachectl script:
apachectl stop
apachectl startssl
Check that Apache has started successfully. If Apache fails to start, it is recommended that you check the Apache error logs for hints about the problem.
For instructions on creating a Private Key and CSR in Apache, refer to article AR876.