Ask a Question

Solution ID : SO15170

How to install a GeoTrust True BusinessID with EV Certificate on Apache

Problem

Install GeoTrust True BusinessID Certificate on Apache

Solution

To install the GeoTrust  Extended Validation (EV) SSL certificate on Apache, follow the instructions below:

This document provides instructions for installing GeoTrust EV SSL Certificates. If you are unable to use these instructions for your server, GeoTrust recommends that you contact either the vendor of your software or an organization that supports Apache-SSL.
 

Watch GeoTrust's Tutorial Videos for a more visual experience!

Note:  If you are unable to view the video, please click here to go directly to the video source.

Step 1: Download the Certificates

  1. Download your certificates as per the instruction on the following solution:
    GeoTrust Security Center
    GeoTrust Enterprise Security Center
    GeoTrust User Portal
    Note:  Please be sure to download the certificate as X.509 and also download the Additional Certificate as this is the Intermediate CA Certificate.
     
  2. To follow the naming convention for Apache, rename the certificate filename with the .crt extension. For example: cert.crt
     
  3. Copy the Certificate into the directory that will be used to hold the certificates. In For example: /usr/local/ssl/crt/.

Step 2: Configure the Server

  1. In order to use the key pair, the httpd.conf file will need to be updated.
  2. In the Virtual Host settings for the site locate the httpd.conf file. Verify that the following 3 directives exist within this Virtual Host. Please add them if they are not present:
    SSLCertificateFile /usr/local/ssl/crt/public.crt
    SSLCertificateKeyFile /usr/local/ssl/private/private.key
    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt
    Note: Some versions of Apache will not accept the SSLCACertificateFile directive. Try using SSLCertificateChainFile instead.


    The first directive tells Apache how to find the Certificate File, the second one where the private key is located, and the third is the location of the intermediate certificate.

    If using a different location and certificate file names than the example above (which is most often the case ) that information should be reflected on your server.

    Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.
     
  3. Save the httpd.conf file and restart Apache. This may be accomplished by using the apachectl script:

    apachectl stop
    apachectl startssl
     
  4. The GeoTrust SSL certificate should now be ready to use on the Apache server.