Ask a Question

Solution ID : SO21505

Last Modified : 05/02/2018

ECC Installation Instructions for Apache

Solution

 
This document provides instructions for installing SSL Certificates for Apache. If you are unable to use these instructions for your server, Symantec recommends that you contact either the vendor of your software or an organization that supports Apache-SSL.

Watch a video demo to easily install an SSL Certificate on an Apache server
 

 
 
 

NOTE: If the Apache server is being configured to support SSL and Client Authentication please see solution SO3921.
 
Step 1: Download the ECC Symantec Intermediate CA certificate
 
  1. Go to: Intermediate CA Certificates page
  2. Under ECC section, select the appropriate Intermediate CAs for your SSL product.
    NOTE: If you are not sure which certificate you have purchased, follow the steps from the following links.
    • Certificates issued from Managed PKI for SSL, refer to solution SO22021
    • Certificates issued from Symantec Trust Center, refer to solution SO13499
       
  3. Copy the Intermediate CA into a text file and name it intermediate.crt
  4. This file can be placed in the same directory as the SSL Certificate. For example: /usr/local/ssl/crt
     
Step 2: Install the SSL Certificate
 
  1. The Symantec certificate will be sent by email. If the certificate is included as an attachment (Cert.cer), you may use the file
    or if the certificate is imbedded in the body of the email, copy and paste it into a text file using Vi or Notepad.

    The text file should look like:

    -----BEGIN CERTIFICATE-----

    [encoded data]


    -----END CERTIFICATE-----
     
  2. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
    extra line breaks or additional characters have been inadvertently added.

    NOTE:
    • To download the certificate from the Managed PKI for SSL subscriber services page, refer to solution SO6621
      When downloading the certificate, please select X.509 as a certificate format and copy only the End Entity Certificate.
    • To download the certificate from Symantec Trust Center, refer to solution SO8061
      When downloading the certificate, please select X.509 as a certificate format and copy only the End Entity Certificate.
       
  3. To follow the naming convention for Apache, rename the certificate filename with the .crt extension. For example: public.crt
  4. Copy the Certificate into the directory that you will be using to hold the certificates. In For example: /usr/local/ssl/crt/.
 
Step 3: Configure the Server
 
         NOTE: Some instances of Apache contain both a httpd.conf and ssl.conf file. Enter or amend the httpd.conf or the ssl.conf with
         the bellow directives. Do not enter both as there will be a conflict and Apache may not start.
 
  1. In order to use the key pair, the httpd.conf or ssl.conf file will need to be updated.
  2. In the Virtual Host section of the httpd.conf or ssl.conf file, verify that there are the following 3 directives within this Virtual Host.

    Please add them if they are not present: 

    SSLCertificateFile /usr/local/ssl/crt/public.crt  

    SSLCertificateKeyFile /usr/local/ssl/private/private.key  

    SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt

    NOTESome versions of Apache will not accept the SSLCertificateChainFile directive. Try using SSLCACertificateFile instead.

    For example



    NOTE: The first directive tells Apache how to find the Certificate File, the second one where the private key is located, and the third line the location of the intermediate certificate.
    If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.
     
  3. Save your httpd.conf file and restart Apache. You can most likely do so by using the apachectl script:  

    apachectl stop  

    apachectl startssl
     
  4. You should now be set to start using your Symantec certificate with your Apache-SSL Server.
  5. Verify your installation with the Symantec Installation Checker

To install multiple types of certificates algorithms (RSA, DSA or ECC) in parallel on Apache, refer to this link: SO21758.

Apache-SSL
 
          For more information, see the Apache Support website.