Entrust Certificate Services Support Knowledge BaseLast Modified: 2015-11-25 15:27:11.0
SSL/TLS Certificate Installation Instructions - Apache (Linux)Before you begin
sure you back up your Apache configuration files before making any
changes. If you are replacing an existing certificate, do not delete the
existing certificate or private key files in case you need to revert
your previous configuration.
- Never share private keys files.
- If you plan on using the same certificate on multiple servers always transfer the private key using a secure method (e-mail is not considered a secure method of transfer).
- It is best practice to ensure that you have current and up to date Ciphers and Protocols to ensure the best security when deploying a new Private key and Server Certificate.
- Make sure you run the SSL Server Test at the end of the installation process to check your certificate configuration against SSL/TLS Best Practices.
For more information on SSL/TLS Best Practices, click here.
1. Click the Download button in the pickup wizard to download your certificate files. Clicking the download button will produce a a zip file that contains the following files:
- ServerCertificate.crt: Your signed SSL/TLS certificate
- ChainBundle2.crt: The Entrust Certificate chain files
2. Once the files have been extracted from the zip file, copy the files into a directory where you will store your certificate files on your server. Make sure you include your private key file that was generated when your created your CSR, as this will be required to configure SSL/TLS on your Apache server.
3. Open your Apache server configuration file and located the virtual host entry for the website that will use the certificate. The location of the configuration file may vary depending on the Apache distribution and server Operating System. Look for the following directories and files on your server:
4. In the "Virtual Host" section, add the directives shown in bold below if they are not already included in the configuration file. If these directives are already included, simply modify the files that they point to such that each directive is pointing to the latest server certificate, certificate chain, and private key files.
SSL Engine ON
- SSLCertificate file is your Server Certificate file (ServerCertificate.crt)
- SSLCertificateChainFile is the Chain bundle file (ChainBundle2.crt)
- SSLCertificateKeyFile is your server’s private key that was generated previously
6. Stop and Start your Apache server by running the following commands:
apachectl stopapachectl start
- Entrust Certificate Services Enhanced Service Account Version Not Applicable Language Not Applicable Platform Not Applicable