Installing your SSL Server Certificate - C2Net Stronghold
Note: You must install both the bundle CA certificate and your server certificate to
provide secure access to your Web server.
You will receive an email from the Registration Authority when your certificate request
has been approved that contains a link to a location where your server certificate may be
obtained. Clicking on this link will bring up a browser window that contains the
details of your issued certificate and includes a section that looks something like the
following:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
and paste it into an appropriately named text file e.g. myserver.cert
Installing CA certificates
On startup, Stronghold loads CA certificates from the file specified by the
SSLCACertificateFile entry in its 'httpd.conf' file.
To install the PEM format bundled CA certificate file, reference it in the httpd.conf
file. as follows
- Ensure that you have saved the PEM format bundled CA certificate as a text file.
- Open your 'httpd.conf' file and find the SSLCACertificateFile entry. By default
the entry will be SSLCACertificateFile='/ssl/CA/client-rootcerts.pem'. You will find
'httpd.conf' in the directory /conf.
- Open the file identified by SSLCACertificateFile (for example,
/ssl/CA/client-rootcerts.pem) in a text editor.
- Open the file that contains the PEM format bundled CA certificates (e.g. cachainpem.txt)
in a text editor.
- Copy the contents of this PEM format bundled CA certificate file
(including all the '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' lines)
to the clipboard.
- Now Paste what you have just copied into the file identified by SSLCACertificateFile.
In most cases you will want to insert the bundle CA certificate at the end of the file and
add a comment to identify the certificate.
- Save the modified file and close the text editor.
- Restart your web server.
Installing the server certificate
- Save your server certificate as a text file.
- Install the new certificate using getca, this utility is normally installed in /bin:
getca myhostname < /server certificate file location and name
Where: myhostname is the common name of the Web server for which the certificate was
requested (this is the same as specified when you ran genkey) and '/server certificate
file location and name' is the name of the server certificate file. This will save the
certificate in the file /ssl/certs/myhostname.cert.
- Restart your web server.
Copyright © Trustis Limited 2010. All
Rights Reserved
This document is licensed for use only in conjunction with the use of Trustis Trust
Services