Text Box:

Home About NHS SSL Apply for cert Information Terms Help

Installing your SSL Server Certificate - C2Net Stronghold

Note: You must install both the bundle CA certificate and your server certificate to provide secure access to your Web server.

You will receive an email from the Registration Authority when your certificate request has been approved that contains a link to a location where your server certificate may be obtained.  Clicking on this link will bring up a browser window that contains the details of your issued certificate and includes a section that looks something like the following:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy everything you see between and including the lines that look like
-----BEGIN CERTIFICATE-----
and
 -----END CERTIFICATE-----

and paste it into an appropriately named text file e.g. myserver.cert

Installing CA certificates

On startup, Stronghold loads CA certificates from the file specified by the SSLCACertificateFile entry in its 'httpd.conf' file.
To install the PEM format bundled CA certificate file, reference it in the httpd.conf file. as follows

  • Ensure that you have saved the PEM format bundled CA certificate as a text file.
  • Open your 'httpd.conf' file and find the SSLCACertificateFile entry.  By default the entry will be SSLCACertificateFile='/ssl/CA/client-rootcerts.pem'.  You will find 'httpd.conf' in the directory /conf.
  • Open the file identified by SSLCACertificateFile (for example, /ssl/CA/client-rootcerts.pem) in a text editor.
  • Open the file that contains the PEM format bundled CA certificates (e.g. cachainpem.txt) in a text editor.
  • Copy the contents of this PEM format bundled CA certificate file
    (including all the '-----BEGIN CERTIFICATE-----' and '-----END CERTIFICATE-----' lines)
    to the clipboard.
  • Now Paste what you have just copied into the file identified by SSLCACertificateFile.
    In most cases you will want to insert the bundle CA certificate at the end of the file and add a comment to identify the certificate.
  • Save the modified file and close the text editor.
  • Restart your web server.

Installing the server certificate

  • Save your server certificate as a text file.
  • Install the new certificate using getca, this utility is normally installed in /bin:

    getca myhostname < /server certificate file location and name
    Where: myhostname is the common name of the Web server for which the certificate was requested (this is the same as specified when you ran genkey) and '/server certificate file location and name' is the name of the server certificate file. This will save the certificate in the file /ssl/certs/myhostname.cert.
  • Restart your web server.

All Third Party Trademark Rights Acknowledged.

This document is licensed for use only in conjunction with the use of Trustis Limited Trust Services.

Copyright © Trustis Limited 2010, All rights reserved. Trustis FPS Healthcare is not responsible for the content of external websites.