Ask a Question

Solution ID : SO15169

Install GeoTrust Certificate on Apache (GeoTrust True BusinessID, Enterprise SSL and Wildcard)

Problem

Install GeoTrust True BusinessID, Enterprise SSL and Wildcard Certificate on Apache

Solution

To install the GeoTrust SSL certificate on Apache, follow the instructions below:

This document provides instructions for installing GeoTrust SSL Certificates. If the instructions below are not sufficient, GeoTrust recommends that the server vendor be contacted or an organization that supports Apache-SSL.

Watch GeoTrust's Tutorial Videos for a more visual experience!

Note:  If you are unable to view the video, please click here to go directly to the video source.

 

Step 1: Download the Certificates

1. Download the certificate as per the instruction on the following solutions.

     GeoTrust Security Center, refer to this solution

     GeoTrust Enterprise Security Center, refer to this solution

     GeoTrust User Portal, refer to this solution

Please be sure to download the certificate as X.509 and also download the Additional Certificate as this is the Intermediate CA Certificate.

2. To follow the naming convention for Apache, rename the certificate filename with the .crt extension. For example: cert.crt

3. Copy the Certificate into the directory that will be used for storing the certificates. For example: /usr/local/ssl/crt/.
 

Step 2: Configure the Server

1. In order to use the key pair, the httpd.conf file will need to be updated.

2. In the Virtual Host settings for the site locate the httpd.conf file. Verify that the following three directives exist within the Virtual Host section. Please add them if they are not present:

SSLCertificateFile /usr/local/ssl/crt/public.crt

SSLCertificateKeyFile /usr/local/ssl/private/private.key

SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
Note: Some versions of Apache will not accept the SSLCACertificateFile directive. Try using SSLCertificateChainFile instead.

The first directive tells Apache how to find the Certificate File, the second one where the private key is located, and the third line references the location of the intermediate certificate.

If you are using a different location and certificate file names than the example above (which is likely) you will need to change the path and filenames to reflect that on your server.

Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not modify both files as there will be a conflict and Apache may not start.

3. Save the httpd.conf file and restart Apache. This may be done by using the apachectl script:

apachectl stop

apachectl startssl
 

4. The GeoTrust SSL certificate should now be ready for use on the Apache server.