How to install a SSL Certificate for Convalent Apache ERS 3 & Above


Step 1: Obtain Intermediate CA Certificate

  • Copy the Intermediate CA certificate from your Secure128 portal under “Order Details”.
  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.

Step 2: Obtain and Install your SSL Certificate

  • The SSL certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email. Copy the certificate.
  • The text file should look like this:

-----BEGIN CERTIFICATE----- [encoded data] -----END CERTIFICATE-----

  • Be sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
  • To follow the naming convention for Apache, rename the certificate filename with the .crt extension. For example: public.crt
    • Copy the Certificate into the directory that you will be using to hold the certificates. In For example: /usr/local/ssl/crt/

Step 3: Configure the Server

NOTE: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.

  • In order to use the key pair, the httpd.conf or ssl.conf file will need to be updated.
  • In the Virtual Host section of the httpd.conf or ssl.conf file, verify that there are the following 3 directives within this Virtual Host.
  • Please add them if they are not present:
    • SSLCertificateFile /usr/local/ssl/crt/public.crt
    • SSLCertificateKeyFile /usr/local/ssl/private/private.key
    • SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt

NOTE: Some versions of Apache will not accept the SSLCertificateChainFile directive. Try using SSLCACertificateFile instead.

The first directive tells Apache how to find the Certificate File, the second one where the private key is located, and the third line the location of the intermediate certificate.

  • If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.
  • Save your httpd.conf or ssl.conf file and restart Apache. You can most likely do so by using the apachectl script:
    • apachectl stop
    • apachectl startssl

Verify your Certificate is installed correctly

BACK