APACHE: INSTALL YOUR ECC SSL CERTIFICATE:


APACHE: CREATE YOUR ECC CSR (CERTIFICATE SIGNING REQUEST)
1. First, you must copy the Certificate files to your Server:

a. Access you DigiCert Management Console by logging in.

b. Next, you will download both your DigiCert ECC Intermediate and ECC Primary Certificates.

c. Then, copy these files to your server.

d. Select the option to make the certificates readable only through root.

2. Next, locate the Apache Config File to Edit.

The name of the config file is unique from server to server. However, Apache’s is usually named: httpd.conf or apache2.conf. There are a couple locations to check for this file: /etc/httpd/ or /etc/apache2/. For more information on this you can view this link: https://wiki.apache.org/httpd/DistrosDefaultLayout

The SSL Certificate configuration is usually located here: <VirtualHost>

There are three places to look for the configuration files: /etc/httpd/vhosts.d/, /etc/httpd/sites/, or in a file called httpd-ssl.conf.

You can also search using grep as shown below:

“grep -i -r "SSLCertificateFile" /etc/httpd/“

Note that /etc/httpd/ represents the base directory for your Apache installation.

3. Then, for the SSL-Enabled Site configure the <VirtualHost> block.

View the example of a virtual host configured for SSL. Note that the information in bold represents the parts that must be configured for the SSL.

<VirtualHost 192.168.0.1:443>

DocumentRoot /var/www/html2

ServerName www.yourdomain.com

SSLEngine on

SSLCertificateFile /path/to/your_domain_name.crt

SSLCertificateKeyFile /path/to/server.key

SSLCertificateChainFile /path/to/DigiCertCA.crt

</VirtualHost>

For this you will have to adjust the file names to correspond with your files:

SSLCertificateFile: This represents your DigiCert ECC SSL Certificate.

SSLCertificateKeyFile: This represents your key file that you made when you created your CSR.

SSLCertificateChainFile: This represents your ECC Intermediate Certificate file.

TIP: If the SSLCertificateChainFile name does not work, use the SSLCACertificateFile name instead.

5. Next, it is a good idea to test your Apache Config before you restart because Apace will not start again if you have errors. Now, use the following commands to test your config files:

“apachectl configtest” OR you may need to use “apache2ctl configtest” for some systems.

6. Lastly, it is time to Restart Apache. You are able to utilize apachect1 commands to stop and start Apache along with SSL support:

apachectl stop

apachectl start

If the above start option does not work, you can use the apachectl startssl command instead of apachectl start.

There may be an issue if SSL support only appears with apachectl startssl. If this is the case, it is recommended that you tweak the apache startup configuration to include SSL support in the regular apachectl start command. You server may require you to manually restart Apache using apachectl startssl. If this happens it usually means you must remove the <ifdefine ssl> and </<ifdefine> tags in your SSL configuration.

APACHE: CREATE YOUR ECC CSR (CERTIFICATE SIGNING REQUEST)
Back To Guides
Products
Services
Resource Center


        
©2023 The SSL Store™. A subsidiary of DigiCert, Inc. All Rights Reserved. Privacy Policy Terms Of Service