Entrust Datacard

Entrust Certificate Services Support Knowledge Base

Last Modified: 2017-05-05 06:42:45.0

Entrust Datacard SSL/TLS Certificate Installation Instructions - Apache2 (Ubuntu)

Article Number: 46523

User-added image
Purpose: SSL/TLS certificate installation guide
For Apache2 Server (on Linux Ubuntu)
For Apache installation on non-Ubuntu distribution go here.
For Apache installation on Mac go here.
For Apache installation on Windows go here.

User-added image

Skip to Installation

Need help generating a Certificate Signing Request (CSR) with this server?

If you are an ECS Enterprise account user, you may use the ACME Services for Entrust tool to auto-create the CSR. Otherwise, please use our Open SSL CSR command builder.

After you have obtained the command to use to create the CSR from the command builder, open your terminal and paste the command. A CSR and private key will be created:

User-added image

Steps to install SSL Certificate on Linux(Ubuntu) Apache Web Server.

Skip to steps

Before you begin...
  • Make sure you back up your Apache configuration files before making any changes. If you are replacing an existing certificate, do not delete the existing certificate or private key files in case you need to revert your previous configuration.
  • Never share private keys files. 
  • If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
  • It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
  • Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
  • For more information on SSL/TLS Best Practices, click here.
Special notes for installation on Linux OS:
  • You must be able to sudo as root or have root access to the server in order to perform the commands below. Not being able to do so or having such access will lead to a permissions denied error. In this article, we will use the sudo command. If you are able to log in as root, disregard the "sudo" portion of the commands listed in this article.
  • You must have ssl turned on for your Apache server and you must have the site for which you are going to be installing the certificate enabled.
The installation is in four parts
1) Copy the certificate files to your server
2) Configure the Apache server to point  to certificate files
3) Test the configuration was successful
4) Restart the Apache server

Part 1 of 4: Copy the certificate files to your server
 
1. Extract the certificate files. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a zip file that contains the following files:
  • ServerCertificate.crt: Your signed SSL/TLS certificate
  • ChainBundle1.crt: The Entrust Certificate chain bundled in a single file
User-added image
2. Copy the files to your server. Once the files have been extracted from the zip file, copy the files as well as the private key that generated upon certificate creation into a directory where you will store your certificate files on your server.

You can copy the files using your Terminal and the command below:

sudo cp [file from the directory where your certificates where downloaded] /etc/apache2/ssl

User-added image

In this example above, the directory upon my Apache server where my certificates are being stored is /etc/apache2/ssl, thus this is the folder to which I have transferred my chain bundle, server certificate and private key.

Part 2 of 4: Configure the Apache server to point  to Apache files

1. Find the Apache configuration file to configure it to point to these certificates. Ubuntu's Apache configuration file for your site should be found in /etc/apache2/sites-enabled/your-website. If you cannot find this file, it is possible you have not yet run the command sudo a2ensite your-website . Do so if the configuration file is not located in the site-enabled directory.

2. Open the file in terminal as we will use the sudo command to edit its contents.

The command to open the file using terminal is as follows:

sudo nano [directory where the configuration file is located]  
In the example below: sudo nano /etc/apache2/sites-enabled/testcertificates.com

User-added image

3. Configure the <VirtualHost> block for the ssl-enabled site. In the "Virtual Host" section of the file, add the directives shown in bold below if they are not already included. If these directives are already included, simply modify the files such that each directive is pointing to the latest server certificate, certificate chain, and private key files.

<VirtualHost testcertificates.com:443>
DocumentRoot /var/www/
SSLEngine on
SSLCertificateFile /path/to/your-server-certificate.crt
SSLCertificateKeyFile /path/to/your-private-key.crt
SSLCertificateChainFile /path/to/chain-bundle-file.crt
<\VirtualHost> 


Where:
  • SSLCertificate file is your Server Certificate file (ServerCertificate.crt)
  • SSLCertificateKeyFile is your server’s private key that was generated previously
  • SSLCertificateChainFile is the Chain bundle file (ChainBundle2.crt)
Here's how this should look:

User-added image

Exit nano and save changes. 
To save in nano, hit CRL+X and then when prompted, type Y to confirm the modifications you have made to the file.

Part 3 of 4: Test the configuration was successful

Test your Apache config with the following command:
sudo apachect1 configtest

Part 4 of 4: Restart the Apache server

Restart your Apache server by running the following command:
sudo apachectl restart

Your SSL/TLS Certificate should now be installed. If you have any questions or concerns please contact the Entrust Certificate Services support department for further assistance.

Hours of Operation:
Sunday 8:00 PM ET to Friday 8:00 PM ET 
North America (toll free): 1-866-267-9297 
Outside North America: 1-613-270-2680 (or see the list below) 
NOTE: It is very important that international callers dial the UITF format exactly as indicated. Do not dial an extra "1" before the "800" or your call will not be accepted as an UITF toll free call.
 
CountryNumber
Australia0011 - 800-3687-7863
1-800-767-513
Austria00 - 800-3687-7863
Belgium00 - 800-3687-7863
Denmark00 - 800-3687-7863
Finland990 - 800-3687-7863 (Telecom Finland)
00 - 800-3687-7863 (Finnet)
France00 - 800-3687-7863
Germany00 - 800-3687-7863
Hong Kong001 - 800-3687-7863 (Voice)
002 - 800-3687-7863 (Fax)
Ireland00 - 800-3687-7863
Israel014 - 800-3687-7863
Italy00 - 800-3687-7863
Japan001 - 800-3687-7863 (KDD)
004 - 800-3687-7863 (ITJ)
0061 - 800-3687-7863 (IDC)
Korea001 - 800-3687-7863 (Korea Telecom)
002 - 800-3687-7863 (Dacom)
Malaysia00 - 800-3687-7863
Netherlands00 - 800-3687-7863
New Zealand00 - 800-3687-7863
0800-4413101
Norway00 - 800-3687-7863
Singapore001 - 800-3687-7863
Spain00 - 800-3687-7863
Sweden00 - 800-3687-7863 (Telia)
00 - 800-3687-7863 (Tele2)
Switzerland00 - 800-3687-7863
Taiwan00 - 800-3687-7863
United Kingdom00 - 800-3687-7863
0800 121 6078
+44 (0) 118 953 3088

TN7575

Affected Products:

  • Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable