Ask a Question

Advanced Search

Alert ID : INFO255

Last Modified : 05/17/2018

Managed PKI for SSL - Installation Instructions for Stronghold


This document provides instructions for installing SSL Certificates.  If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Stronghold.

Step 1. Download the Symantec Intermediate CA Certificate

  1. Download the Intermediate CA certificate from this link.
  2. Select the Managed PKI for SSL tab.
  3. Select the appropriate Intermediate CA certificate based on your SSL certificate product type.
    NOTE: Click here for steps to check which certificate type you have purchased.
  4. Copy the Intermediate CA certificate and paste it on a Notepad or Vi document.
  5. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
    extra line breaks or additional characters have been inadvertently added.
  6. Save the file as intermediate-ca.crt. The file can be saved somewhere easy to access.  For example: /usr/local/ssl
  7. Paste the conents into the file "ssl/certs/intermediate-ca.cert" located in your ServerRoot directory.
  8. Change the SSLCACertificateFile directive in your httpd.conf file to this: SSLCACertificateFile certs/intermediate-ca.crt

Step 2. Obtain your SSL Certificate

  1. Once your Managed PKI for SSL administrator has approved your Certificate request, you will receive an email with the Certificate.
  2. Copy the certificate, imbedded in the body of the email and paste it into a text file using Vi or Notepad.
    NOTE: Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines
    or spaces in the file.

    The text file should look like:


              [encoded data]

    -----END CERTIFICATE-----

    NOTE: Click here for steps to download the certificate from your Managed PKI for SSL subscriber services page
    Please select X.509 as a certificate format and copy only the End Entity Certificate.
  3. Save the certificate as public.crt
Step 3. Install the SSL Certificate
  1. Run getca and specify both the name of the server that owns the certificate and the name of the temporary certificate file. 
    For example: # getca hostname /tmp/<temp-file-name> 
  2. This saves the SSL Certificate to the file SSLTOP/certs/hostname.cert Remove the temporary file.
    For example: # rm/tmp/<temp-file-name> 
  3. Restart the server.
  4. To verify if your certificate is installed correctly, use the Symantec Installation Checker

           For more information, refer to the Stronghold Suport Website