Installing your SSL Server Certificate on your Linux server
Posted by on 2016-09-29 13:45

Installing your SSL Server Certificate 

Step one: Copy your certificate to file

You will receive an email from the Registration Authority when your certificate request has been approved that contains a link to a location where your certificate may be obtained.  Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----

and paste it into an appropriately named text file e.g. server.crt

Copy this certificate file into the directory that you will be using to hold your certificates. 

e.g.  /etc/httpd/conf/ssl.crt/

In this example we will use:

  • /etc/httpd/conf/ssl.crt/   as the location where certificates will be stored
  • /etc/httpd/conf/ssl.key/   as the location where the server's private key is stored.
  • /etc/httpd/conf/ca-bundle/   as the location where the CA bundle file will be stored

It is recommended that you make the directory that contains the private key file only readable by root.

Step two: Install the CA Certificates

You will need to install the CA certificates in order for your webserver to use your SSL certificate properly.  Apache users do not neded to install these certificates individually.  Instead you can install the CA certificates using a 'bundle' method.

In the Virtual Host settings for your site, in the httpd.conf file, you will need to complete the following:

  1. Copy the PEM format Bundled CA certificate file (full CA chain) to the directory in which ca-bundled files are stored e.g.   /etc/httpd/conf/ssl.crt/
  2. Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf/ssl.crt/ is the directory to where you have copied the CA Bundle file). if the line already exists amend it to read the following:

SSLCACertificateFile /etc/httpd/conf/ssl.crt/cachainpem.txt

If you are using a different location and certificate file names you will need to change the path and filename to reflect your server.

The SSL section of the updated httpd config file should now read something similar to this example (depending on your naming and directories used):

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt 

SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key


SSLCACertificateFile /etc/httpd/conf/ssl.crt/cachainpem.txt

Save your httpd.conf file and restart Apache.