Installation Instructions- Apache SSL


This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, VeriSign recommends that you contact either the vendor of your software or an organization that supports Apache-SSL.
Step 1: Install CA Certificate
Secure Site
If you are installing a Secure Site Certificate, you need to first install the Secure Site Intermediate CA Certificate.
Secure Site Pro
If you are installing a Secure Site Pro Certificate, you need to first install the Secure Site Pro Intermediate CA Certificate.
1. Copy the intermediate certificate into text file and name it intermediate.crt. This file can be placed in the same directory as your SSL Certificate. For example: /usr/local/ssl/crt

Step 2: Install the SSL Certificate
Your VeriSign certificate will be sent via email. If the certificate is included as an attachment (Cert.cer), you may use the file. If the certificate is imbedded in the body of the email, copy and paste it into a text file (save as public.crt) using Vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file.

You should then have a text file that looks like:


[encoded data]


Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.

1. To follow the naming convention for Apache, rename the certificate filename with the .crt extension. For example: public.crt
2. Copy your Certificate into the directory that you will be using to hold your certificates. In For example: /usr/local/ssl/crt/.
Step 3: Configure the Server
1. In order to use the key pair, the httpd.conf file will need to be updated.
2. In the Virtual Host settings for your site locate the httpd.conf file. Verify that you have the following 3 directives within this Virtual Host. Please add them if they are not present:
SSLCertificateFile /usr/local/ssl/crt/public.crt  

SSLCertificateKeyFile /usr/local/ssl/private/private.key  

SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt
The first directive tells Apache how to find the Certificate File, the second one where the private key is located, and the third line the location of the intermediate certificate.
If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.
Depending on the version of Apache, the directive SSLCACertificateFile may be instead SSLCertificateChainFile.
Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.
3. Save your httpd.conf file and restart Apache. You can most likely do so by using the apachectl script:
apachectl stop  

apachectl startssl
4. You should now be set to start using your VeriSign certificate with your Apache-SSL Server.
To verify if your certificate is installed correctly, use the VeriSign Installation Checker

For more information, see the Apache Support website.