Apache SSL is a very custom environment and your system may differ. Below are generalized instructions. If you have a custom installation, you will need to adjust these instructions appropriately.
Like the majority of server systems you will install your SSL certificate on the same server where your Certificate Signing Request (CSR) was created. Your private key will always be left on the server system where the CSR was originally created. Your SSL certificate will not work without this private key file. We will assume that this is the original system.
To install your SSL certificate On Apache SSL perform the following.
Step 1: Downloading your SSL Certificate & its Intermediate CA certificate:
- If you had the option of server type during enrollment and selected Other you will receive a x509/.cer/.crt/.pem version of your certificate within the email. Alternately you can access your Certificate User Portal by the supplied link in the email to pick up the x509 version of your certificate.
- Copy the SSL certificate and make sure to copy the —–BEGIN CERTIFICATE—– and —–END CERTIFICATE—– header and footer Ensure there are no white spaces, extra line breaks or additional characters.
- Use a plain text editor such as Notepad, paste the content of the certificate and save it with extension .crt
- If your intermediate CA certificate for your product is not in the body of the email you can access your Intermediate CA also in a link within that email. Copy and paste the contents of your Intermediate CA into its own Notepad file and save it with a .crt extension also.
Note: Some CAs may give you an Apache Bundle or CA Intermediate Bundle. This will consist of two intermediates stacked on top of each other. These two intermediates are to be in one file.
Step 2: Installing your SSL certificate:
Note: Apache uses a configuration file in order to manage its SSL certificate configurations, finding this httpd.conf or ssl.conf will enable you to configure you system properly.
- Referencing the httpd.conf or ssl.conf file look for the location and directories of the three files necessary.
Note: Below is an general example of the names and locations of these files, your environment may differ.
- SSLCertificateFile /usr/local/ssl/crt/public.crt
- SSLCertificateKeyFile /usr/local/ssl/private/private.key
- SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
- SSLCertificateFile tells Apache how to find the SSL certificate file.
- SSLCertificateKeyFile tells Apache how to find the private key file.
- SSLCertificateChainFile or SSLCACertificateFile tells Apache the location of the Intermediate file
- You will move your certificate files to these locations and change your httpd.conf file to reflect those file names.
Note: On some Apache systems you may Not have three files or directories present. You may only have only two such as SSLCertificateFile, and SSLCertificateKeyFile. This if fine. Your options are one of the following.
- Open both your SSL Certificate file and your Intermediate CA in their own notepads .txt Open a new notepad .txt file. Cope and paste the contents of your ssl certificate including the —-begin certificate —– and —– end certificate —– into that new notepad file.
- Repeat the above process now with your Intermediate Certificate pasting it right below your SSL Certificate.
It should look like this.
*Server Device/SSL cert*
*Intermediate CA cert *
- Save the New note pad file with both certificates within it with a .crt This is your new SSLCertificateFile its contains both SSL Certificate and Intermediate which Apache can read when configured.
- If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path or file names to reflect your server.
Note: Some instances of Apache contain both have a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.
- Save your httpd.conf file and restart Apache.
- You can most likely do so by using the apachectl script:apachectl stop
Your SSL certificate is now installed and configured for its website.
If you are unable to use these instructions for your server, Acmetek recommends that you contact either the vendor of your software or an organization that supports Apache.