Step one: Loading the Site
Certificate
You will receive an email from
ipsCA with the
certificate in the email (yourdomainname.crt). In a text editor,
your certificate will look something like this:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
(.......)
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy your Certificate into the directory that
you will be using to hold your certificates. In this example we use
/etc/ssl/crt/. Both the public and private key files will be already in this
directory. The private key used in the example will be labelled private.key and
the public key will be yourdomainname.crt.
It is recommended that you make the directory that contains the private key
file only readable by root.
Login to the Administrator console and select
the site that the certificate was requested for.
Select Services, then Actions next to Apache Web Server and then SSL Settings.
There should already be a 'Self Signed' certificate saved.
Select 'Import' and copy the text from the yourdomainname.crt
file into the box
Select 'Save', the status should now change to
successful.
Logout, do not select delete as this will
delete the installed certificate.
Step two: Install the
Intermediate/Root Certificates
After
you are emailed your certificate, two other certificates will be
necessary to setup your SSL Server, IPS SERVIDORES ROOT CERTIFICATE and
the intermediate CA IPSCA CLASEA1. It is essential that these
certificates are also installed on your webserver in order to establish
correct SSL connections with your customer's browsers. Should they
be required, you may download these certificates individually or jointly as a bundled file below:
IPSServidores.crt
IPSCACLASEA1.crt
Apache users will not require these
certificates. Instead you can install the intermediate certificates using a
'bundle' method.
IPS-IPSCABUNDLE.CRT
In the Virtual Host settings for your site, in
the virtual site file, you will need to add the following SSL directives. This
may be achieved by:
1. Copying this ca-bundle file to the same
directory as the certificate (this contains all of the ca certificates in the
ipsCA chain, exept the yourdomainname.crt).
2. Adding the following line to the virtual host
file under the virtual host domain for your site (assuming /etc/httpd/conf is
the directory mentioned in 1.), if the line already exists amend it to read the
following:
SSLCACertificateFile
/etc/httpd/conf/ca-bundle/ca_new.txt
If you are using a different location and
certificate file names you will need to change the path and filename to reflect
this.
The SSL section of the updated virtual host file should now read similar to
this example (depending on your naming and directories used):
SSLCertificateFile
/etc/ssl/crt/yourdomainname.crt
SSLCertificateKeyFile /etc/ssl/crt/private.key
SSLCACertificateFile /etc/httpd/conf/ca-bundle/ca_new.txt
Save your virtual host file and restart
Apache.
You can now start using your ipsCA certificate with your Apache Ensim configuration.
|
