HOME | FAQ | CONTACT

Installing an SSL certificate on Apache Mod_SSL / OpenSSL

Part one: Copy your certificate to file

  1. You will receive an email from Secure Business Services with the certificate in the email. The certificate looks something like this:

    -----BEGIN CERTIFICATE-----
    MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
    UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
    (.......)
    E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
    K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
    -----END CERTIFICATE-----

  2. Copy and Paste your Certificate, including the -----BEGIN----- and -----END----- strings, into a text editor and save to the directory that holds your certificates. We recommend that you name the file YourDomainName.crt and save it to the directory that contains your CSR and other .crt files. This example uses /etc/ssl/crt/, but the location of this directory varies from version to version of Apache. This directory should already contain both the default public key (ServerName.crt) and private key (private.key) files.

    We recommend that you restrict permissions so that the directory that contains the private key file is readable only by root.

Part two: Install the Certificate Chain

This is the certificate that starts Secure Business Services. Installing the Certificate Chain allows browsers to recognize the certificate for your domain name. In the relevant Virtual Host section for your site, complete the following:

  1. Confirm which certificate you purchased, and determine which chain file to download.

    To confirm which certificate you purchased, review your order confirmation.

    • If you purchased SBS Instant, download chain A below.

    • If you purchased SBS Secure or Secure Plus, download chain B below.

    A -- SBS Instant

    -OR-

    B -- SBS Secure and Secure Plus

  2. Download the certificate chain. To download, right-click each certificate file name and select Save Target As.

    Save the certificate chain to the same directory where you saved the certificate for your domain name.

  3. Open the httpd.conf file and add or edit the following line to the SSL section (assuming /etc/ssl/crt/ is the directory to which you have saved the Chain Certificate file):

    SSLCACertificateFile /etc/httpd/conf/InstantValidationCertChain.crt
    or
    SSLCACertificateFile /etc/httpd/conf/FullValidationAddTrustCertChain.crt

    If you are using different location and certificate file names, change the path and file name to reflect the path and file name that you are using. The SSL section of the updated config file should now read similar to this example (depending on the file name and directories used):

    For SBS Instant:

    SSLCertificateFile /etc/ssl/crt/YourDomainName.crt
    SSLCertificateKeyFile /etc/ssl/crt/private.key
    SSLCACertificateFile /etc/ssl/crt/InstantValidationCertChain.crt

    For SBS Secure and SBS Secure Plus:

    SSLCertificateFile /etc/ssl/crt/YourDomainName.crt
    SSLCertificateKeyFile /etc/ssl/crt/private.key
    SSLCACertificateFile /etc/ssl/crt/FullValidationAddTrustCertChain.crt

    Be sure to verify the directory paths and file names.

  4. Save your config file and restart Apache.




Copyright © 2008 Secure Business Services, All rights reserved. Terms of Service | Privacy Policy