Sunday 10 June 2012

How to Install a Geotrust SSL Certificate on Apache Server

To install the Geotrust SSL Certificate onto Apache, please follow these steps:

Step 1: Download the Geotrust intermediate CA Certificates

To download the Geotrust intermediate CA Certificates, refer to article AR1421.

Save the intermediate certificate file into a directory, for example /usr/local/ssl/crt/intermediate.crt. Note the path and filename where the certificate file was saved, as they will need to be referenced when updating the Apache configuration file.


Step 2: Download the SSL Certificate

Your SSL certificate will be sent embedded in the body of the email. Copy the code, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, and paste it into a text editor like Notepad or Vi. Do not use Microsoft Word or other word processing programs that may add characters or additional spacing. Confirm that there are no extra lines or spaces in the file.

1. After pasting the certificate code in a text editor, save the file with a .crt extension. For example: cert.crt
2. Save the certificate file into a directory, for example /usr/local/ssl/crt/cert.crt. Note the path and filename where the certificate file was saved, as they will need to be referenced when updating the Apache configuration file.
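
A check for the "no extra lines or spaces" requirement in Step 2, as an added example that is not part of the original article: it lints a pasted certificate file for the damage that editors and mail clients typically introduce. The function names and the sample input (a constructed DER stand-in, not a real certificate) are assumptions.

```python
import base64

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"

def der_length_ok(der):
    """True if der is exactly one DER SEQUENCE (tag 0x30) whose length matches the data."""
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:  # 0x80 = indefinite length, not DER
        return False
    k = der[1] & 0x7F if der[1] & 0x80 else 0   # long form: next k bytes hold the length
    length = int.from_bytes(der[2:2 + k], "big") if k else der[1]
    return len(der) == 2 + k + length

def lint_pem(raw):
    """Return the problems found in a pasted certificate file; an empty list means clean."""
    problems = []
    if raw.startswith(b"\xef\xbb\xbf"):
        problems.append("UTF-8 byte-order mark at start of file")
        raw = raw[3:]
    try:
        text = raw.decode("ascii")
    except UnicodeDecodeError:        # word processors swap dashes and quotes for look-alikes
        return problems + ["non-ASCII characters in file"]
    lines = text.replace("\r\n", "\n").split("\n")
    if lines[-1] == "":
        lines.pop()                   # one final newline is normal
    if any(l != l.strip() for l in lines):
        problems.append("leading or trailing whitespace on a line")
    if any(l.strip() == "" for l in lines):
        problems.append("blank line in the file")
    lines = [l.strip() for l in lines if l.strip()]
    if len(lines) < 3 or lines[0] != BEGIN or lines[-1] != END:
        return problems + ["BEGIN/END CERTIFICATE markers missing or altered"]
    try:
        der = base64.b64decode("".join(lines[1:-1]), validate=True)
    except ValueError:
        return problems + ["body is not valid base64"]
    if not der_length_ok(der):
        problems.append("body is not one complete DER SEQUENCE (truncated paste?)")
    return problems

def make_sample_pem():
    """Constructed stand-in: a DER SEQUENCE of filler bytes, not a real certificate."""
    b64 = base64.b64encode(b"\x30\x82\x01\x00" + bytes(256)).decode()
    body = "\n".join(b64[i:i + 64] for i in range(0, len(b64), 64))
    return f"{BEGIN}\n{body}\n{END}\n".encode()

if __name__ == "__main__":
    print(lint_pem(make_sample_pem().replace(b"\n", b" \n", 1)))
```

To check a real file, pass its bytes: lint_pem(open("/usr/local/ssl/crt/cert.crt", "rb").read()).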

Step 3: Configure the Server

In order to use the key pair, the configuration file will need to be updated. To update the file:

1. Open the configuration file and find the Virtual Host settings.
2. Verify that you have the following 3 directives within this Virtual Host and add them if they are not present:

SSLCertificateFile /usr/local/ssl/crt/public.crt 
SSLCertificateKeyFile /usr/local/ssl/private/private.key 
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt 

If you are using a different location and different certificate file names than the example above (which most likely you are), you will need to change the path and filename to reflect your server.

Note: Some instances of Apache contain both an httpd.conf and an ssl.conf file. Enter or amend the above directives in either httpd.conf or ssl.conf. Do not enter them in both files, as there will be a conflict and Apache may not start.

The VirtualHosts should be configured as follows:
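<VirtualHost [IP ADDRESS]:443>
    ServerAdmin admin@domain.com
    DocumentRoot /www/home
    ServerName www.domain.com
    ErrorLog /www/home/logs/error_log
    # Enable SSL/TLS for this virtual host
    SSLEngine on
    # "all" enables every protocol version this Apache build supports
    SSLProtocol all
    # The server certificate saved in Step 2
    SSLCertificateFile /etc/httpd/conf/ssl.crt/www.domain.com.crt
    # The private key generated with the CSR
    SSLCertificateKeyFile /etc/httpd/conf/ssl.key/www.domain.com.key
    # The Geotrust intermediate CA certificate saved in Step 1
    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
    ServerPath /home
    <Directory "/www/home">
    </Directory>
</VirtualHost>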


3. Save your config file and restart Apache. You can most likely do so by using the apachectl script:

apachectl stop

apachectl startssl

Check that Apache has started successfully. If Apache fails to start, check the Apache error logs for hints about the problem.

For instructions on creating a Private Key and CSR in Apache, refer to article AR876.
