(Apache v2.X)
- Download the appropriate GlobalSign root certificate and save it in a text editor as “gs_root.pem”. Only the ExtendedSSL certificate uses the GlobalSign root CA R2 certificate.
- Download the appropriate intermediate certificate(s) and save it in a text editor as “intermediate.pem”.
- Copy your SSL certificate from the order fulfillment e-mail, or log into your GlobalSign Certificate Center account and download it. Paste it into a text editor. Save the file as “mydomain.crt”.
- Copy “mydomain.crt” and “intermediate.pem” to the directory in which you plan to store your certificates.
- Open your “httpd.conf” file with a text editor. Please note that some installations keep the SSL section separately in the “ssl.conf” file. Locate the virtual host section for the site that the SSL certificate will secure. Your virtual host section will need to contain the following directives:
  - SSLCACertificateFile – This will need to point to the appropriate GlobalSign root CA certificate.
  - SSLCertificateChainFile – This will need to point to the appropriate intermediate root CA certificates you previously created in Step 1 above.
  - SSLCertificateFile – This will need to point to the end entity certificate. This is the certificate you have called “mydomain.crt”.
  - SSLCertificateKeyFile – This will need to point to the private key file associated with your certificate.
- Save the changes to the file. Quit the text editor.
- Restart Apache.
(creating CSR)
- Make sure OpenSSL is installed and in your PATH.
- Create an RSA private key for your Apache server (will be Triple-DES encrypted and PEM formatted):
$ openssl genrsa -des3 -out server.key 2048
Please back up this server.key file and the pass-phrase you entered in a secure location. You can see the details of this RSA private key by using the command:
$ openssl rsa -noout -text -in server.key
Unless you want to enter the pass-phrase each time you start Apache, you will need a decrypted PEM version for later. This copy is no longer protected by the pass-phrase, so make it readable only by root:
$ openssl rsa -in server.key -out server.key.unsecure
- Create a Certificate Signing Request (CSR) with the server RSA private key (output will be PEM formatted):
$ openssl req -new -key server.key -out server.csr
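A check to run on the files from both procedures above before restarting Apache, as an added example that is not part of the original guide: it confirms that “mydomain.crt” and “server.csr” carry the public half of the key Apache will load, and that the decrypted key is not accessible to group or others. The function names and the script name check_tls_files.sh are hypothetical; the file names follow the page.

```sh
#!/bin/sh
# Added example (not from the original guide). File names follow the page;
# the function names pubkey_of, same_keypair and key_is_private are hypothetical.

# Print the PEM public key embedded in a certificate or CSR, or derived from a
# private key. $3 is an optional OpenSSL pass-phrase source for an encrypted
# key (for example file:/path/to/passfile); the empty default avoids a prompt.
pubkey_of() {
    case "$1" in
        cert) openssl x509 -in "$2" -noout -pubkey ;;
        csr)  openssl req  -in "$2" -noout -pubkey ;;
        key)  openssl pkey -in "$2" -pubout -passin "${3:-pass:}" ;;
        *)    return 2 ;;
    esac
}

# same_keypair cert|csr FILE KEYFILE [PASSIN]
# Returns 0 if FILE carries the public half of KEYFILE, 1 if not, 2 on read error.
same_keypair() {
    file_pub=$(pubkey_of "$1" "$2" 2>/dev/null) || return 2
    key_pub=$(pubkey_of key "$3" "$4" 2>/dev/null) || return 2
    [ "$file_pub" = "$key_pub" ]
}

# Returns 0 only if group and others have no permission bits on the key file,
# which matters most for the decrypted server.key.unsecure.
key_is_private() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# Usage: sh check_tls_files.sh mydomain.crt server.csr server.key.unsecure
if [ "$#" -eq 3 ]; then
    same_keypair cert "$1" "$3" || echo "FAIL: $1 was not issued for $3"
    same_keypair csr  "$2" "$3" || echo "FAIL: $2 was not created from $3"
    key_is_private "$3"         || echo "FAIL: $3 is accessible to group or others"
fi
```

To check against the encrypted server.key instead, pass a pass-phrase source as the fourth argument of same_keypair.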