Apache + Mod SSL + Open SSL
Installing your SSL Certificate / Web Server Certificate / Secure Server Certificate
Firstly when your issuance email arrives it will contain your web server certificate. Copy your web server certificate into a text editor such as notepad including the header and footer. You should then have a text file that looks like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
1. Save the certificate file in your text editor as domainname.crt Note: The examples below use the following naming conventions: "Your Private Key" = "domainname.key"; "Your Web Server Certificate" = "domainname.crt"
2. Copy the certificate to the Apache server directory in which you plan to store your certificates (by default: /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/).
3. Open the Apache httpd.conf file in a text editor. Locate the SSL VirtualHost associated with your certificate. Verify that you have the following 2 directives within this virtual host. Please add them if they are not present:
SSLCertificateFile /usr/local/apache/conf/ssl.crt/domainname.crt
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/domainname.keyNote that some instances of Apache will store Virtual Host information in a ssl.conf file. If your httpd.conf contains no Virtual Host information then you will need to locate and amend the ssl.conf as above.
4. Save the changes and exit the editor.
5. Start or Restart your apache web server.
Additional information
Your httpd.conf should contain some or all of the following directives (for an IP based site). Those directives marked in bold are SSL related. Those directives marked in italics should only be used for troubleshooting.
<VirtualHost 192.168.1.1:443>
DocumentRoot /var/www/html
ServerName 192.168.1.98
ServerAdmin someone@your.domain
ErrorLog /etc/httpd/logs/ssl_error_log
TransferLog /etc/httpd/logs/ssl_access_log
SSLEngine On
SSLCertificateFile /etc/httpd/conf/ssl.crt/domainname.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/domainname.key
SSLSessionCache dbm:/var/cache/httpd/ssl_cache
SSLSessionCacheTimeout 300
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown downgrade-1.0 force-response-1.0
</VirtualHost>SSLSessionCache & SSLSessionCacheTimeout prevent known issues with Mac Internet Explorer compatibility with Apache. You are only advised to add these directives if you are experiencing Mac compatibility issues.
SetEnvIf User-Agent fixes the Intermittant Server Errors associated with some versions of Windows Internet Explorer. You are only advised to add this directive if you are experiencing compatibility issues with old versions of Internet Explorer.For more information about configuring Apache, please review http://httpd.apache.org/docs-2.0/mod/mod_ssl.html
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL
