SSL Certificates

SSL Certs, SSL Certificate, SSL Certificates

Securing Your Online Business

Entrust Certificate Services Support Knowledge Base

Audience: General
Last Modified: 2008-09-23 13:49:35.0

TN 7558 - Installation of Chain Certificate into C2NET Stronghold

Question:

How do I install a chain certificate in C2NET Stronghold?

Answer

On startup, Stronghold loads certificates from the file specified by the SSLCACertificateFile entry in its "httpd.conf" file. To install the Entrust L1B chain certificate, simply add it to this file. Follow these steps:

  1. Open a web browser and go to the URL that appears in the confirmation email you received from Entrust. Your certificates are displayed.

  2. The Entrust SSL Certificate is in the section named "Entrust SSL Certificate" and the Entrust L1B Chain Certificate is in the section named "Entrust Chain Certificate".

  3. Open a text editor. You will save your certificates using this text editor.
  4. Open a Web browser and go to the URL that appears in the confirmation email you received from Entrust. Your certificates are displayed. The Entrust SSL Certificate is in the section named Entrust SSL Certificate and the Entrust L1BChain Certificate is in the section named Entrust L1BChain Certificate.
  5. Copy the Entrust L1B Chain Certificate to your clipboard. You must include the "----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines.

  6. Paste the certificate into the text editor and ensure that the entire text is flushed to the left with no leading or trailing whitespace. If there are any extra spaces the server will not recognize the format of the file and you will not be able to install the certificate.

  7. Save the certificate as a file (for example, "/tmp/entrustL1Bchaincert.txt").

  8. Close your text editor.

  9. Open your "httpd.conf" file and find the SSLCACertificateFile entry. The file specified by this entry contains the certificates that Stronghold loads on startup. You must add the Entrust Chain Certificate to this file. By default the entry will be SSLCACertificateFile="<server_root>/ssl/CA/client-rootcerts.pem".
    You will find "httpd.conf" in the directory <server_root>/conf.

  10. Open the file identified by SSLCACertificateFile (for example, <server_root>/ssl/CA/client-rootcerts.pem) in a text editor.

  11. Open the file that contains the Entrust L1B Chain Certificate in a text editor (by default this will be /tmp/entrustL1Bchaincert.txt).

  12. Copy the Entrust L1B Chain Certificate (including the "-----BEGIN CERTIFICATE-----" and "-----END CERTIFICATE-----" lines to the clipboard.

  13. Paste the Entrust L1B Chain Certificate into the file identified by SSLCACertificateFile. In most cases you will want to insert the Entrust L1B Chain Certificate at the end of the file and add a comment to identify the certificate.

  14. Save the modified file and close the text editor.

  15. Delete the chain certificate file you created in Step 1 (for example, rm /tmp/entrustL1Bchaincert.txt).

  16. Restart your server using <server_root>/bin/reload-server.

You have just installed the Entrust L1B Chain Certificate.

Affected Products:

  • Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable

SSL Certificates

buyExtended Validation (EV)

buyAdvantage SSL

buyStandard SSL

buyUnified Communications

buyCode Signing Certificates

buyAdobe CDS