These steps tells how to install SecureNT Intranet SSL Certificate in Apache Web Server environment. Apache could be on any flavour of Linux or on Windows.
Follow these steps to install SecureNT Intranet SSL on Apache web server in Linux or Windows environment.
1. Copy the required certificate files to your server from the supplied zip file.
-
- server.cer (File #1)
- SecureNT CA-Bundle.cer (File #5)
- Copy these files, along with the .key file (Private Key) you generated when creating the CSR, to the directory on the server where you keep your certificate and key files. Use serverkey.cer (File #2, Private Key) when generated by SecureNT.
Note: Make them readable by root only, to increase security.
2. Find the Apache configuration file (httpd.conf) you need to edit.
The location and name of the configuration file can vary from server to server—especially if you’re using a special interface to manage your server configuration.
-
- Apache’s main configuration file is typically named httpd.conf or apache2.conf. Possible locations for this file include /etc/httpd/ or /etc/apache2/. For a comprehensive listing of default installation layouts for Apache HTTPD on various operating systems and distributions, see Httpd Wiki – DistrosDefaultLayout.
- Often, the SSL certificate configuration is located in a block in a different configuration file. The configuration files may be under a directory like /etc/httpd/vhosts.d/, /etc/httpd/sites/, or in a file called httpd-ssl.conf.
One way to locate the SSL Configuration on Linux distributions is to search using grep, as shown in the example below.
Run the following command:
grep -i -r “SSLCertificateFile” /etc/httpd/
Note: Make sure to replace /etc/httpd/ with the base directory for your Apache installation.
3. Configure the block for the SSL-enabled site
a. Below is a very simple example of a virtual host configured for SSL. The parts listed in blue are the parts you must add for SSL configuration.
DocumentRoot /var/www/html2
ServerName www.yourdomain.com
SSLEngine on
SSLCertificateFile /path/to/server.cer
SSLCertificateKeyFile /path/to/your_private.key
SSLCertificateChainFile /path/to/SecureNT CA-Bundle.cer
b. Make sure to adjust the file names to match your certificate files.
-
- SSLCertificateFile is your SecureNT certificate file (e.g., server.cer).
- SSLCertificateKeyFile is the .key file generated when you created the CSR (e.g., serverkey.cer or your_private.key).
- SSLCertificateChainFile is the SecureNT CA certificate file Bundle (e.g., SecureNT CA-Bundle.cer)
Note: If the “SSLCertificateChainFile” directive does not work, try using the “SSLCACertificateFile” directive instead.
4. Test your Apache configuration file before restarting.
As a best practice, check your Apache configuration file for any errors before restarting Apache.
Caution: Apache won’t start again if your configuration files have syntax errors.
Run the following command to test your configuration file (on some systems, it’s apache2ctl):
apachectl configtest
5. Restart Apache.
You can use apachectl commands to stop and start Apache with SSL support.
apachectl stop
apachectl start
Restart Notes:
If Apache doesn’t restart with SSL support, try using apachectl startssl instead of apachectl start. If SSL support only loads with apachectl startssl, we recommend you adjust the apache startup configuration to include SSL support in the regular apachectl start command. Otherwise, your server may require to manually restart Apache using apachectl startssl in the event of a server reboot. This usually involves removing the and tags that enclose your SSL configuration.
Leave a Reply