Ask a Question

Solution ID : SO15221

Last Modified : 05/02/2018

Install a GeoTrust True BusinessID with EV on a Cpanel Mail server

Problem

How do I install a GeoTrust True BusinessID with EV on a Cpanel Mail server

Solution

To install your GeoTrust True BusinessID with EV on a CPanel Mail Server, perform the following steps:
 
This document provides instructions for installing your SSL certificate. If you are unable to use these instructions for your server, we recommend that you contact either the vendor of your software or an organization that supports CPanel Mail Server.

 
Step 1: Obtain the GeoTrust SSL Extended Validation Intermediate CA Certificate
 
a) Download the GeoTrust EV Intermediate CA Certificate from the following solution: INFO1421
 
Note: Be sure to use Vi or Notepad as word processing programs like Microsoft Notepad may add additional characters that may render the certificate unusable.
 
b) Copy and paste the GeoTrust EV Intermediate CA Certificate into a text file and save as "intermediate.pem".

 
Step 2: Download your certificate
 
  1. Download your certificate as per the instruction on the following solution:
     
    • GeoTrust Security Center, refer to solution SO22158
    • GeoTrust Enterprise Security Center, refer to solution SO21128
    • GeoTrust User Portal (e.g., certificate purchased through Retail or Partners), refer to solution SO15168
       
  2. Save the certificate file with a .pem extension. For example: cert.pem
     
Step 3:  Install the certificate 
 
First, import the GeoTrust root certificate into the server. The GeoTrust True BusinessID with EV root certificate can be picked up here: https://www.geotrust.com/resources/root-certificates/index.html
  1. Copy the GeoTrust root certificate into a text editor such as notepad and save as root.pem.
  2. Create a new file (yourcert.pem) consisting of your private key and your certificate file:

    -----BEGIN RSA PRIVATE KEY-----
    encoded key]
    -----END RSA PRIVATE KEY-----
    [empty line]
    -----BEGIN CERTIFICATE-----
    [encoded certificate]
    -----END CERTIFICATE-----
    [empty line]
     
  3. Then save the file as yourcert.pem in the /etc/ssl/certs/ directory.
     
  4. Copy the root.pem file to the /etc/ssl/certs/ directory.

  5. Copy the intermediate.pem file to the /etc/ssl/certs/ directory.

  6. When setting up the SSL support you will need to access the stunnel configuration file which will probably be available at etc/stunnel/default/stunnel.conf.

  7. Open the stunnel.conf and locate the following directives (they may be commented out by #). It may be necessary to add the above directives if they are not present.
     
    verify=3
     
    CAfile=/etc/ssl/certs/root.pem
    CAfile=/etc/ssl/certs/intermediate.pem
    cert=/etc/ssl/certs/yourcert.pem

  8. Restart the web / mail service for the installation to be completed. In some instances, it may be necessary to physically restart the actual machine.
     

Step 4:  Verify certificate installation

  1. To verify if your certificate is installed correctly, use the GeoTrust Installation Checker