Apache from version 2.4.8.- Certificate installation
After issuing the certificate shall be sent by e-mail. The certificate can also be downloaded in the Control Panel.
The certificate file has the same name as the domain name which it was issued for, for example www_sslcertificaten_nl.crt unless there is a multi-domain certificate; in that case, the filename is a number.
To install the certificate it has to be added to the configuration file. Since Apache 2.4.8 there is a new method for which the certificate is combined with the root and intermediate certificates. The latter is not anymore separately put in the configuration. The previously used method works at the time of writing, but it is unclear until when this method will be supported. It is therefore advisable to comply to the new procedure when working with Apache 2.4.8 or later. The method used to combine the certificates in the correct manner and configuring Apache is described below.
Copy the certificate to the directory where the certificates are stored and where the private key is stored in. In the manual to create the CSR using OpenSSL was used for example
/etc/ssl/cert/ . The file containing the private key is called in this example www_sslcertificaten_nl.key and file the certificate is called www_sslcertificaten_nl.crt.
Download the root and intermediate certificates. The root and intermediate certificates must be installed on the server so that browsers and other clients will trust the certificate.
The combined file should eventually include all certificates to be used in the following order:
code from your SSL Certificate
code from 2nd Intermediate certificate (when required)
code Intermediate certificate
code Root certificate
This file can be created with the cat command:
cat www_sslcertificaten_nl.crt 2nd_intermediate.crt 1st_intermediate.crt root.crt > certificate_bundle.crt
Replace in the example above the bold file names by their own file names.
Certificate installation including Root and intermediate certificates
After combining all these certificates they can be declared together with the private key to be included in the Apache configuration:
- Open the configurationfile, like httpd.conf, with your favorite texteditor.
[root@server /]# nano /etc/httpd/conf.d/httpd.conf
- Navigate to the SSLEngine-part and modify or add the following lines:
SSLCertificateKeyFile /etc/httpd/conf.d/www_sslcertificaten_nl.keyNoteChange the names and/or paths to the corresponding files, depending on the operationsystem of the server.
- Save the modifications and reload Apache:
[root@server /]# apachectl stop
[root@server /]# apachectl start
All requirements have been completed now regarding the installation of the certificate. Make sure that the files are secured and that you maintain a backup in a secured space.