After the purchase and release of SSL-certificate, you will receive a letter by mail with zip-archive, which will contain 2 files “namedomaine.ca-bundle” and “namedomaine.crt”. The first file contains the intermediate and root certificates, while the second is a certificate for your domain. (or codes of the certificate and CA certificate as a text file, in that case you need to create the files on your own).
Step 1. Copy on the server, into the directory where the Private Key is situated, files namedomaine.ca-bundle and domainname.crt.
For example, using the directory ‘/etc/ssl/youcrt/’. As ‘private.key’ shall mean Private key, and as ‘yourNAMEDOMAINE.crt’ – public key.
Note: we recommend to create a directory that will be visible only to the root directory, and transfer the private key to it.
Tip: for a given directory set the read permissions only for root user.
Step 2. Install root and intermediate certificates on the server.
2.1. In a text editor, open the configuration file of your server Apache 2.x httpd.conf. There you will find the VirtualHost, which refers to the SSL-certificate. It should contain the following three lines:
SSLCertificateChainFile /etc/ssl/youcrt/namedomaine.ca-bundle SSLCertificateFile /etc/ssl/youcrt/namedomaine.crt SSLCertificateKeyFile /etc/ssl/youcrt/private.key
If they are missing, add them.
For Apache 1.x use the directive SSLCACertificateFile instead of SSLCertificateChainFile:
Note: Virtual Host section may also be in ssl.conf file.
2.2. Before closing the text editor, save all changes.
2.3. Restart or launch Apache web server.
httpd.conf file for IP-based site should contain some or all of the following lines. Lines that are highlighted in bold are used for SSL configuring. Lines that are in italics are used for debugging.
DocumentRoot /var/www/html ServerName 192.168.1.98 ServerAdmin [email protected] ErrorLog /etc/httpd/logs/ssl_error_log TransferLog /etc/httpd/logs/ssl_access_log SSLEngine On SSLCertificateFile /etc/ssl/youcrt/namedomaine.crt SSLCertificateKeyFile /etc/ssl/youcrt/namedomaine.key SSLCertificateChainFile /etc/ssl/youcrt/namedomaine.ca-bundle SSLSessionCache dbm:/var/cache/httpd/ssl_cache
More information about configuring the Apache web server is contained on the site http://httpd.apache.org/docs-2.0/mod/mod_ssl.html.
To check the SSL settings and accuracy of their work, use a web browser. To do this, write in the address bar https://your server/. If SSL certificate and the server are properly configured, you will see a CLOSED padlock icon in the address bar.