How to Install and Configure SecureNT Intranet SSL Certificate on Your Apache Server ?

1. Copy the required certificate files to your server from the supplied zip file.

   a. server.cer (File #1)
   b. SecureNT CA-Bundle.cer (File #5)

   Copy these files, along with the .key file (Private Key) you generated when creating the CSR, to the directory on the server where you keep your certificate and key files. Use serverkey.cer (File #2, Private Key) when generated by SecureNT.
   Note: Make them readable by root only to increase security.

2. Find the Apache configuration file (httpd.conf) you need to edit.
   The location and name of the configuration file can vary from server to server—especially if you're using a special interface to manage your server configuration.

   • Apache's main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file include /etc/httpd/ or /etc/apache2/. For a comprehensive listing of default installation layouts for Apache HTTPD on various operating systems and distributions, see Httpd Wiki - Distros Default Layout.
   • Often, the SSL certificate configuration is located in a block in a different configuration file. The configuration files may be under a directory like /etc/httpd/vhosts.d/, /etc/httpd/sites/, or in a file called httpd-ssl.conf.

One way to locate the SSL Configuration on Linux distributions is to search using grep, as shown in the example below. Run the following command:

grep -i -r "SSLCertificateFile" /etc/httpd/

Note: Make sure to replace /etc/httpd/ with the base directory of your Apache installation.

3. Configure the block for the SSL-enabled site

   a. Below is a very simple example of a virtual host configured for SSL. The parts listed in blue are the parts you must add for SSL configuration.

<VirtualHost 192.168.0.1:443>
    DocumentRoot /var/www/html2
    ServerName www.yourdomain.com
        SSLEngine on
        SSLCertificateFile /path/to/server.cer
        SSLCertificateKeyFile /path/to/your_private.key
   SSLCertificateChainFile /path/to/SecureNT CA-Bundle.cer
</VirtualHost>

b. Make sure to adjust the file names to match your certificate files.

• SSLCertificateFile is your SecureNT certificate file (e.g., server.cer).
• SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., serverkey.cer or your_private.key).

• SSLCertificateChainFile is the SecureNT CA certificate file Bundle (e.g., SecureNT CA-Bundle.cer)

  Note: If the “SSLCertificateChainFile” directive does not work, try using the “SSLCACertificateFile” directive instead.

4. Test your Apache configuration file before restarting.

As a best practice, check your Apache configuration file for any errors before restarting Apache.

Caution: Apache won't start again if your configuration files have syntax errors. Run the following command to test your configuration file (on some systems, it's apache2ctl):

apachectl configtest

5. Restart Apache. You can use apachectl commands to stop and start Apache with SSL support.

   apachectl stop
   apachectl start

Restart Notes: If Apache doesn't restart with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl, we recommend you adjust the apache startup configuration to include SSL support in the regular apachectl start command. Otherwise, your server may require to manually restart Apache using apachectl startssl in the event of a server reboot. This usually involves removing the <IfDefine SSL> and </IfDefine> tags that enclose your SSL configuration.

Congratulations! You've successfully installed your SSL certificate.