Symantec now offers the Symantec SSL Assistant to make it easy to generate a CSR and install a certificate for Red Hat Secure web servers.
This document provides instructions for installing Managed PKI for SSL certificates. If you are unable to use these instructions for the server, Symantec recommends that you contact either the vendor of your software or an organization that supports Red Hat Secure Web Server.
Step 1: Download and Install Intermediate CA Certificate
- Go to: Symantec Intermediate CA Certificates page.
- Select the Intermediate CA certificate based on your SSL product.
NOTE: If you are not sure which certificate you have purchased, follow the steps from this link.
- Copy the Intermediate CA certificate and paste into a text file using Vi or Notepad.
- Save the file as intermediate.crt.
- The Intermediate CA certificate file can be placed in the same directory as the SSL certificate. For example: /etc/httpd/conf/ssl.crt/intermediate.crt.
Step 2: Install the Certificate
- Once your Managed PKI for SSL administrator has approved the certificate request, you will receive an email with the certificate in the body of an email.
- Copy and paste the certificate it into a text file using Vi or Notepad.
NOTE: Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.
The text file should look like:
NOTE: Click here to download the certificate from the Managed PKI for SSL subscriber services page.
Please select X.509 as a certificate format and copy only the End Entity Certificate.
- To follow the naming convention for Red Hat, rename the certificate filename with the .crt extension. For example: public.crt
- Copy the certificate file into the directory that you will be using to place the certificates. For example: /etc/httpd/conf/ssl.crt/public.crt.
Step 3: Configure the Server
NOTE: Some instances of Red Hat contain both a httpd.conf and ssl.conf file. Enter or amend the httpd.conf or the ssl.conf with the below directives. Do not enter both as there will be a conflict and Red Hat Secure Web Server may not start.
- In order to use the key pair, the httpd.conf or ssl.conf file will need to be updated.
- In the Virtual Host section of the httpd.conf or ssl.conf file, verify that there are the following 3 directives within this Virtual Host.
Please add the following directives, if they are not present:
NOTE: Some versions of Red Hat will not accept the SSLCertificateChainFile directive. Try using SSLCACertificateFile instead.
NOTE: The first directive tells Red Hat how to find the certificate file, the second one where the private key is located, and the third line the location of the intermediate certificate.
If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.
- Save your httpd.conf file and restart Red Hat Secure web server. You can most likely do so by using the apachectl script:
- You should now be set to start using your Symantec certificate with your Red Hat Secure Web Server.
- To verify if your certificate is installed correctly, use the DigiCert Installation Checker.
For more information, go to Red Hat Support.