TBS-certificates' FAQ - Frequently Asked Questions > Install a certificate > Install a X509 / SSL certificate on a server ( Web / HTTP / OWA / Email / POP / IMAP / FTP ...) > Install an Apache certificate :

Tweeter

Certificates

Comparison chart

Browsers

SSL EV

SSL Standard

SSL 128-bit

SSL wildcard

SSL SAN

Developer certificate

User certificate

Test certificates

PKI

The Trust Seals

Our products range

TBS X509

VeriSign / Symantec

Thawte

Comodo

GlobalSign

ChamberSign

GeoTrust

Partners

Client login

Open an account

FAQ

The Lab

Focus

VeriSign Trust Seal

Norton Secured Seal

As a VeriSign major partner, TBS internet is the first company in Europe to offer the VeriSign trust logo, the most recognized worldwide. An SSL certificate is no longer required as the seal is available after an organisation audit and comes with a malware detection system. More details...

Install a certificate for Apache release 2 OVH (base gentoo)

You received your certificate by email with one or several intermediary certificates and a root certificate. Keep this email within reach.

1- Retrieve your certificate(s) on your server

Go back where the private key has been generated, for example:

cd /etc/httpd/ssl.crt

In the delivery email you'll find several links. Click on them and download the associated files:

A: your server certificate
B: certification chain (may not be useful for some products)

2- Set up Apache

Edit your Apache 2 configuration file:

/etc/httpd/ssl.conf

If there is just one certificate on this machine, spot the section beginning with:

<VirtualHost _default_:443>

In order to serve your content, edit the line as you wish: DocumentRoot and ServerName

and edit the following instructions to mahke them point to your files:

# SSL configutation
# 40-bit at least
#SSLCipherSuite HIGH:MEDIUM:LOW:EXPORT:!ADH:!DSS:!SSLv2:!EXPORT56:@STRENGTH:+3DES:+DES
# 128-bit at least
SSLCipherSuite HIGH:MEDIUM:!ADH:!DSS:!SSLv2:@STRENGTH:+3DES
SSLProtocol all -SSLv2
# your server certificate (A)
SSLCertificateFile    /etc/httpd/ssl.crt/cert-0000000000-1234.cer
# your private key (générée initialement)
SSLCertificateKeyFile /etc/httpd/ssl.key/www.xxx.com.key

If you have a certification chain file (B), add:

SSLCertificateChainFile /etc/httpd/ssl.crt/chain-0000000000-1234.txt

See SSLCertificateChainFile

3- Restart Apache and run a test

Once setted up, restart the Apache server.

/etc/init.d/apache restart

If it does not restart verify the SSL log (for any syntax error): /var/log/httpd/.

Check the access of your website's secured pages with IE 6 and Firefox.

External links

OVH guide: http://guides.ovh.com/InstallsiteSSL/contenu.html

Recap example

<VirtualHost 192.2.0.20:443>
DocumentRoot "/home/virtual/www"
ServerName www.virtualhost.com
SSLEngine on
SSLCipherSuite HIGH:MEDIUM:!ADH:!DSS:!SSLv2:@STRENGTH:+3DES
SSLProtocol ALL -SSLv2
SSLCertificateFile "/usr/local/apache/conf/ssl.crt/www.virtualhost.com.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/www.virtualhost.com.key"
SSLCACertificateFile "/usr/local/apache/conf/ssl.crt/thawteintermediate.crt"
</VirtualHost>

Anonymous [ settings | log in ]

Last edited on 07/04/2011 15:03:34 --- [search]