Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a certificate on Apache release 1 OVH (RH 7.2 standard)

You received your certificate by email with one or several intermediate certificates and a root certificate. Keep this email within reach.

1- Retrieve your certificate(s) on your server

Go back where the private key has been generated, for example:
cd /usr/local/apache/conf/ssl.crt
In the delivery email you'll find several links. Click on them and download the associated files:
  • A: your server certificate
  • B: the certification chain

2- Configure Apache

Edit the configuration file of your Apache:
/usr/local/apache/conf/httpd.conf
If you only have one certificate installed on this machine, locate the section beginning with:
<VirtualHost _default_:443>
In order to serve your content, edit as you wish the lines: DocumentRoot and ServerName

and edit the following instructions to make them point to your files:
# Your server certificate (A)
SSLCertificateFile    /usr/local/apache/conf/ssl.crt/cert-0000000000-1234.cer
# Your private key (initially generated)
SSLCertificateKeyFile /usr/local/apache/conf/ssl.key/www.exemple.com.key
# SSL/TLS configuration
# 128-bit maximum security
SSLCipherSuite !EDH:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL

SSLProtocol all -SSLv2 -SSLv3 
For the certification chain (file B), add:
SSLCertificateChainFile /usr/local/apache/conf/ssl.crt/chain-0000000000-1234.txt 
See SSLCertificateChainFile

3- Edit the Apache start function

Make sure your server has been configured to use SSL. To do so, edit the file:
/etc/sysconfig/apache
and make sure the line
OPTIONS="-DSSL"
is not commented (it is by default, remove the comment).

4- Restart Apache and run a test

Once setted up, restart the Apache server.
/etc/rc.d/init.d/httpd restart
If it does not restart, verify the SSL log in /var/log/httpd/ to find the mistake.

Check the access of your website's secured pages with IE 6 and Firefox.

External links

Sum up example

<VirtualHost 192.2.0.20:443>
DocumentRoot "/home/virtual/www"
ServerName www.virtualhost.com
SSLEngine on
SSLCipherSuite !EDH:!RC4:!ADH:!DSS:HIGH:+AES128:+AES256-SHA256:+AES128-SHA256:+SHA:!3DES:!NULL:!aNULL:!eNULL
SSLProtocol ALL -SSLv2 -SSLv3 
SSLCertificateFile "/usr/local/apache/conf/ssl.crt/www.virtualhost.com.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/www.virtualhost.com.key"
SSLCertificateChainFile "/usr/local/apache/conf/ssl.crt/thawteintermediate.crt"
</VirtualHost>