|
Certificate installation Instructions
Note: If you have a SSL Web Server Certificate or SSL123 Certificate please follow steps 1 to 3. If you have a SGC SuperCert please follow steps 1 to 4. If you have a SSL Web Server Wildcard Certificate please install the certificate using the instructions at the following link: http://www.thawte.com/support/apachewild_install.html
Copy your certificate into a text editor such as notepad/vi including the header and footer and save the certificate file as www.mydomain.com.crt. You should then have a text file that looks like this:
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
If you did not receive your certificate please download it using the instructions in the following Knowledge Base solution: SO7369
a. Copy the certificate to the Apache directory in which you plan to store your certificates (example: /etc/httpd/conf/ssl.key/ or /etc/httpd/conf/ssl.crt/).
b. Open the Apache httpd.conf file in a text editor (notepad/vi). Locate the SSL VirtualHost associated with your certificate. Verify that you have the following 2 directives within this virtual host. Please add them if they are not present:
SSLCertificateKeyFile //where/the/key/is/located/www.mydomain.com.key
SSLCertificateFile /where/the/certificate/is/located/www.mydomain.com.crt
Note that some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter the information in both as there will be a conflict and Apache will not start.
c. Save the changes and exit the editor.
d. Stop and start the Apache daemon which will register the changes that have been made in the config file. You can use the following commands:
/usr/sbin/apachectl stop
/usr/sbin/apachectl startssl
or:
/usr/sbin/httpd -k stop
/usr/sbin/httpd -DSSL
Make sure you assign port 443 and a unique ip address (i.e <VirtualHost 192.168.20.248:443>)to the virtual host. Apache does not support name based virtual hosts therefore host headers must not be specified in the VirtualHost directive.
Note If the server is behind a firewall please make sure port 443 has been enabled on the firewall.
Install the SGC CA Intermediate Certificate (step 4 is only required if you are installing a SGC SuperCert)
a. Copy your Intermediate CA Certificate into a text editor such as notepad/vi including the header and footer. Save the certificate to the same location that the issued certificate is stored.
b. Please add the following directive in your virtual host:
SSLCACertificateFile /where/the/certificate/is/located/intermediate.crt
c. Save the changes made to your httpd.conf file.
d. You will also need to restart the entire server and not just the daemon, in order for the installation to take an effect.
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.
If you encounter any problems, or errors when going through these steps, please read our Apache FAQ’s. http://www.thawte.com/support/ssl/apache.html
| 
