Ask a Question

Advanced Search

Alert ID : INFO1951

Last Modified : 05/17/2018

Managed PKI for SSL - Installation Instructions for Covalent Apache ERS v 2.4 or earlier

Description

 
This document provides instructions for installing SSL Certificates for Covalent Apache ERS v 2.4 and earlier. If you are unable to use these instructions for your server, Symantec recommends that you contact Covalent.
  

Step 1: Download the Symantec Intermediate CA Certificate

  1. Download the Intermediate CA certificate from this link: INFO657
  2. Select the appropriate Intermediate CA certificate for your SSL Certificate type.
    NOTE: If you are not sure which certificate you have purchased, follow the steps from this link: SO22021
  3. Copy the Intermediate CA Certificate into a text file and name it intermediate.crt
  4. This file can be placed in the same directory as the SSL Certificate. For example: /usr/local/ssl/crt
     

Step 2: Install the SSL Certificate

  1. The Symantec certificate will be sent by email.
  2. Copy the certificate imbedded in the body of the email and paste it into a text file using Vi or Notepad.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

    [encoded data]

    -----END CERTIFICATE-----

     
  3. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
    extra line breaks or additional characters have been inadvertently added.

    NOTE: To download the certificate from your Managed PKI for SSL subscriber services page, see solution SO6621
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
     
  4. To follow the naming convention for Apache, rename the certificate filename with the .crt extension. For example: public.crt
  5. After you receive your signed Server Certificate, copy it to a temporary directory.
  6. Select Install CA Signed Certificate from the Covalent SSL Certificate and Key Management Tool. You are prompted for the
    path to the temporary directory that contains the signed server certificate file. Covalent SSL installs the signed server certificate:
  • The signed server certificate is stored in the directory /path/to/ssl1.5/certs.
    Its name is the same as it was as a temporary server certificate, yourserver.domain.cert (for example: www.covalent.net.cert).
    NOTE: The process of signing your server certificate has no effect on your private key. It is necessary and valid for its
    corresponding server certificate. 
     
  • The Private Key is stored in the directory /path/to/ssl1.5/keys
    Its name is yourserver.domain.key (for example: www.covalent.net.key). 
     
  1. In the Virtual Host settings for your site, in the httpd.conf file, you will need to add the following SSL directive:

    SSLCACertificateFile /path/to/ssl1.5//intermediate.crt

    NOTE: This directive specifies the location of the intermediate certificate. If you are using a different location or certificate file name than
    the example above (which most likely you are) you will need to change the path and/or filenames.
  2. If your server is running, stop the server by executing: /path/to/apache1.3/bin/covalent-faststart-ctl stop
  3. Start the server with Covalent SSL by executing: /path/to/apache1.3/bin/covalent-faststart-ctl startssl
    NOTE: During server start-up, you will be prompted to enter the pass phrase for the server certificate.
  4. Back up the signed server certificate and store it with a backup of its corresponding private key.
  5. To verify if your certificate is installed correctly, use the Symantec Installation Checker.