Server Types

  Apache & mod_ssl/OpenSSL

  Cobalt RaQ 4/550/XTR

  BEA Systems Weblogic

  C2Net Stronghold

  WHM/CPanel

  Ensim

  F5 BigIP

  F5 Firepass

  HSphere

  IBM HTTPServer

  IBM Websphere

  Java-based webservers

  Lotus Domino 4.6x&5.0x

  Lotus Domino Go 4.6.2.6+

  Microsoft IIS 4.x

  Microsoft IIS 5.x & 6.x

  Microsoft OWA (Outlook Web Access)

  Microsoft ISA 2000

  iPlanet 4.x & Sun ONE Application Server 6.x

  Novell ConsoleONE

  Novell iChain

  Plesk Server Administrator

  Plesk 6

  Plesk 7 & 8

  SonicWall SSL Offloader

  Intel NetStructure 7110

  Website Pro 3.x

  Zeus Webserver v3

Buy Now  |  Special Offers  |  Corporate  |  Support  |  FAQ  |  About Us

Installing your Certificate on Apache Mod_SSL / OpenSSL

Step one: Copy your certificate to file

You will receive an email from OptimumSSL with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:

-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----

Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt.

It is recommended that you make the directory that contains the private key file only readable by root.

Step two: Install the Intermediate Certificate

You will need to install the chain certificate (intermediates) in order for browsers to trust your certificate. As well as your SSL certificate (yourdomainname.crt) three other certificates, named AddTrustExternalCARoot.crt, UTNAddTrustServerCA.crt and OptimumSSLCA.crt, are also attached to the email from OptimumSSL. Apache users will only require the intermediates UTNAddTrustServerCA.crt and OptimumSSLCA.crt certificates.

Firstly, create a 'bundle' file. To do this you will need to open the certificates with a text editor and add both of the certificate texts to that file, first the OptimumSSLCA.crt then the UTNAddTrustServerCA.crt and save this file as ca.txt

In the Virtual Host settings for your site, in the httpd.conf file, you will need to complete the following:

1. Copy the ca.txt file to the same directory as httpd.conf (this contains all of the CA certificates in the chain).
2. Add the following line to SSL section of the httpd.conf (assuming /etc/httpd/conf is the directory to where you have copied the ca.txt file). if the line already exists amend it to read the following:

SSLCACertificateFile /etc/httpd/conf/ca.txt

If you are using a different location and certificate file names you will need to change the path and filename to reflect your server.

The SSL section of the updated httpd config file should now read similar to this example (depending on your naming and directories used):

SSLCertificateFile /etc/ssl/crt/yourdomainname.crt

SSLCertificateKeyFile /etc/ssl/crt/private.key

SSLCACertificateFile /etc/httpd/conf/ca.txt

Save your httpd.conf file and restart Apache.