Installing your SSL Server Certificate - Apache mod_ssl
Step one: Copy your certificate to file
When your certificate request has been approved, you will receive an email from the
Registration Authority containing a link to a location where your certificate may be
obtained. Clicking on this link will bring up a browser window that shows the
details of your issued certificate and includes a section that looks something like the
following:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
and paste it into an appropriately named text file, e.g. myserver.cert
Copy this certificate file into the directory that you will be using to hold your
certificates, e.g. /usr/local/apache/conf/ssl.crt/ or /etc/httpd/conf/ssl.crt/
In this example we will use:
- /etc/httpd/conf/ssl.crt/ as the location where the certificate will be
stored
- /etc/httpd/conf/ssl.key/ as the location where the corresponding private key
is stored.
- /etc/httpd/conf/ca-bundle/ as the location where the CA bundle file will be
stored
It is recommended that you make the directory that contains the private key file
readable only by root.
Step two: Install the CA Certificates
You will need to install the CA certificates in order for your webserver to use your
SSL certificate properly. Apache users do not need to install these
certificates individually. Instead, you can install the CA certificates using a
'bundle' method.
In the Virtual Host settings for your site, in the httpd.conf file, you will need to
complete the following:
- Copy the PEM format bundled CA certificate file (full CA chain) to the directory
in which CA bundle files are stored, e.g.
/usr/local/apache/conf/ca-bundle/ or /etc/httpd/conf/ca-bundle/
- Add the following line to the SSL section of the httpd.conf (assuming
/etc/httpd/conf/ca-bundle/ is the directory to which you have copied the CA bundle file).
If the line already exists, amend it to read the following:
SSLCACertificateFile /etc/httpd/conf/ca-bundle/cachainpem.txt
If you are using a different location and certificate file names you will need to
change the path and filename to reflect your server.
The SSL section of the updated httpd config file should now read something similar to
this example (depending on your naming and directories used):
SSLCertificateFile /etc/httpd/conf/ssl.crt/myserver.cert
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/myserver.key
SSLCACertificateFile /etc/httpd/conf/ca-bundle/cachainpem.txt
Save your httpd.conf file and restart Apache.
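Checks worth running on the three files before that restart, as an added example that is not part of the original guide: the certificate must carry the same public key as the private key, it must verify against the CA bundle, and the key directory must be closed to everyone but root. The function names are hypothetical; the script assumes the openssl command-line tool is installed and the private key has no passphrase.

```shell
#!/bin/sh
# Added example: pre-restart checks for the files named in this guide.
# Function names are made up for this sketch; paths are the guide's examples.

# Succeeds when the certificate and the private key carry the same public key.
# Returns 2 when either file cannot be parsed (for example a bad paste).
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 2
    key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 2
    [ "$cert_pub" = "$key_pub" ]
}

# Succeeds when the certificate ($1) verifies against the CA bundle file ($2).
cert_chains_to_bundle() {
    openssl verify -CAfile "$2" "$1" >/dev/null 2>&1
}

# Succeeds when the directory ($1) is owned by the given numeric uid
# ($2, default 0 = root) and grants nothing to group or other.
key_dir_private() {
    set -- "$1" "${2:-0}"
    perms=$(ls -ldn "$1" 2>/dev/null | awk '{print substr($1, 5, 6), $3}')
    [ "$perms" = "------ $2" ]
}

# Runs all three checks; prints one line per failure, non-zero if any failed.
check_install() {
    cert=$1 key=$2 bundle=$3 rc=0
    cert_matches_key "$cert" "$key" ||
        { echo "FAIL: $cert does not match $key"; rc=1; }
    cert_chains_to_bundle "$cert" "$bundle" ||
        { echo "FAIL: $cert does not verify against $bundle"; rc=1; }
    key_dir_private "$(dirname "$key")" ||
        { echo "FAIL: $(dirname "$key") is not root-only"; rc=1; }
    return $rc
}

# Example call with the guide's paths (run as root):
# check_install /etc/httpd/conf/ssl.crt/myserver.cert \
#               /etc/httpd/conf/ssl.key/myserver.key \
#               /etc/httpd/conf/ca-bundle/cachainpem.txt
```

A directory that fails the last check can be closed with chown root and chmod 700 on /etc/httpd/conf/ssl.key/.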