|
Step one: Copy your certificate to file
You will receive an email from InstantSSL with the
certificate in the email (yourdomainname.crt). When viewed in a text
editor, your certificate will look something like:
-----BEGIN CERTIFICATE-----
MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
(.......)
E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
-----END CERTIFICATE-----
Copy your Certificate into the directory that you will
be using to hold your certificates. In this example we will use /etc/ssl/crt/.
Both the public and private key files will already be in this
directory. The private key used in the example will be labeled
private.key and the public key will be yourdomainname.crt.
It is recommended that you make the directory that
contains the private key file only readable by root.
Step two: Install the Intermediate Certificates
You will need to install the chain certificates (intermediates)
in order for browsers to trust your certificate. As well as your SSL
certificate ( yourdomainname.crt) three other certificates, named
GlobalSignRootCA.crt, GlobalSignPartnersCA.crt and
ComodoClass3SecurityServicesCA.crt, are also attached to the
email from InstantSSL. Apache users will not require these
certificates. Instead you can install the intermediate certificates
using a 'bundle' method.
In the Virtual Host settings for your site, in the
httpd.conf file, you will need to add the following SSL directives.This
may be achieved by:
1. Copy this
ca-bundle file to the same directory as httpd.conf (this
contains all of the ca certificates in the InstantSSL chain).
2. Add the following line to httpd.conf (assuming /etc/httpd/conf
is the directory mentioned in 1.), if the line already exists amend
it to read the following:
SSLCertificateChainFile /etc/httpd/conf/ca-bundle
If you are using a different location and certificate
file names you will need to change the path and filename to reflect
your server.
The SSL section of the updated httpd config file
should now read similar to this example (depending on your naming
and directories used):
//Locate Certificate File:
SSLCertificateFile /etc/ssl/crt/yourdomainname.crt
//Locate Private Key File:
SSLCertificateKeyFile /etc/ssl/crt/private.key
//Locate CA Chain bundle file:
SSLCertificateChainFile /etc/httpd/conf/ca-bundle
Save your httpd.conf file and restart Apache. You can
most likely do so by using the apachectl script:
apachectl stop
apachectl startssl
You are now all set to start using your InstantSSL
certificate with your Apache + ModSSL |
CSR
bilgisi oluşturma?