This document provides instructions for installing a SSL certificate on Mac OSX 10.4 and assumes that you created the Private Key and CSR on the command line.
Step 1: Download the updated Intermediate CA bundle
- Download the Intermediate CA certificate from this link.
- Select the appropriate Intermediate CA certificate for your SSL Certificate type.
NOTE: If you are not sure which certificate you have purchased, follow the steps from this link.
- Paste the Intermediate CA certificate by using a plain text editor like TextEdit.app, nano or vi to avoid
adding control characters or special fonts to the certificate file.
- Save the file as /etc/httpd/ssl.crt/intermediate.crt
Step 2: Download the SSL certificate
- The Symantec certificate will be sent by email. If using the certificate included as an attachment (Cert.cer), you may use the file.
If using the certificate imbedded in the body of the email, copy and paste the certificate by using a plain text editor like
TextEdit.app, nano or vi.
The text file should look like:
- Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces,
extra line breaks or additional characters have been inadvertently added.
NOTE: Download the certificate from your Managed PKI for SSL account.
Please select X.509 as a certificate format and copy only the End Entity Certificate.
- To follow the naming convention for Apache, rename the certificate filename with the .crt extension, for example: public.crt
- Copy the Certificate into the directory that you will be using to hold the certificates, for example: /etc/httpd/ssl.crt/public.crt
Step 3: Assign the new SSL certificate to the web site
- Open the Server Admin utility.
- In the Computers & Services column, open out the current server and select Web.
- In the main section of the Server Admin screen, select the Sites tab and double-click the site being secured with SSL.
- Select the Security tab, check the box for Enable Secure Sockets Layer (SSL) if not already checked.
NOTE: If you change this selection, the port number the website operates on may change (a warning will appear if this is the case).
If you need the website to operate in both http and https mode, you need to create a copy of the site in Server Admin.
- In the Certificate: dropdown, select Custom Configuration.
- A dialogue box appears to specify the locations of the certificate and key files.
The below assumes the file locations and names have been left as recommended:
For 'Certificate File', enter /etc/httpd/ssl.crt/public.crt
For 'Private Key File', enter /etc/httpd/ssl.key/private.key
For 'Certificate Authority File', enter /etc/httpd/ssl.crt/intermediate.crt
For 'Private Key Passphrase', leave empty unless a password has been set on the private key
- Click OK on the dialogue box, click Save on the Server Admin window and click Restart when prompted.
NOTE: If there are any errors during the restart process, review the logs to determine the problem - the most common issue is an
incorrectly specified certificate file or a mismatch between the private key and SSL certificate.