After the purchase and release of SSL-certificate, you will receive a letter by mail with zip-archive, which will contain 2 files “namedomaine.ca-bundle” and “namedomaine.crt”. The first file contains the intermediate and root certificates, while the second is a certificate for your domain. (or codes of the certificate and CA certificate as a text file, in that case you need to create the files on your own).

Step 1. Copy on the server, into the directory where the Private Key is situated, files namedomaine.ca-bundle and domainname.crt.

For example, using the directory ‘/etc/ssl/youcrt/’. As ‘private.key’ shall mean Private key, and as ‘yourNAMEDOMAINE.crt’ – public key.

Note: we recommend to create a directory that will be visible only to the root directory, and transfer the private key to it.

Tip: for a given directory set the read permissions only for root user.

Step 2. Install root and intermediate certificates on the server.

2.1. In a text editor, open the configuration file of your server Apache 2.x httpd.conf. There you will find the VirtualHost, which refers to the SSL-certificate. It should contain the following three lines:

SSLCertificateChainFile /etc/ssl/youcrt/namedomaine.ca-bundle
SSLCertificateFile /etc/ssl/youcrt/namedomaine.crt
SSLCertificateKeyFile /etc/ssl/youcrt/private.key

If they are missing, add them.

For Apache 1.x use the directive SSLCACertificateFile instead of SSLCertificateChainFile:

SSLCACertificateFile /etc/ssl/youcrt/namedomaine.ca-bundle

Note: Virtual Host section may also be in ssl.conf file.

2.2. Before closing the text editor, save all changes.

2.3. Restart or launch Apache web server.

Additional information

httpd.conf file for IP-based site should contain some or all of the following lines. Lines that are highlighted in bold are used for SSL configuring. Lines that are in italics are used for debugging.

DocumentRoot /var/www/html 
ServerName 192.168.1.98 
ServerAdmin admin@your.domain 
ErrorLog /etc/httpd/logs/ssl_error_log 
TransferLog /etc/httpd/logs/ssl_access_log 
SSLEngine On 
SSLCertificateFile /etc/ssl/youcrt/namedomaine.crt 
SSLCertificateKeyFile /etc/ssl/youcrt/namedomaine.key 
SSLCertificateChainFile /etc/ssl/youcrt/namedomaine.ca-bundle 
SSLSessionCache dbm:/var/cache/httpd/ssl_cache

More information about configuring the Apache web server is contained on the site http://httpd.apache.org/docs-2.0/mod/mod_ssl.html.
To check the SSL settings and accuracy of their work, use a web browser. To do this, write in the address bar https://your server/. If SSL certificate and the server are properly configured, you will see a CLOSED padlock icon in the address bar.

Leave a Reply

Your email address will not be published. Required fields are marked *