creating_valid_startssl_certificates

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
creating_valid_startssl_certificates [27.10.2016 17:28] Pascal Sutercreating_valid_startssl_certificates [27.10.2016 17:31] (current) Pascal Suter
Line 24: Line 24:
 then paste the certificate and hit return and then ctrl+D  then paste the certificate and hit return and then ctrl+D 
  
-now download the [[http://www.startssl.com/certs/sub.class1.server.ca.pem|Certificate Chain File]] to your server+For StartSSL, download the [[http://www.startssl.com/certs/sub.class1.server.ca.pem|Certificate Chain File]] to your server. Other providers sometimes include a pem file or a bundle file in their downloads with the certificate itself and some others (like comodo) provide a set of crt files which need to be combined into a package for apache. for comodo you get three files and they need to be cat-ed togeterher into one bundle.crt:  
 +  cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
  
 last but not least you need to make sure your apache ssl config is pointing to those files. make sure you have these lines in your virtual host configuration to enable and configure ssl for your site. of course you need to make sure the paths match your setup :) last but not least you need to make sure your apache ssl config is pointing to those files. make sure you have these lines in your virtual host configuration to enable and configure ssl for your site. of course you need to make sure the paths match your setup :)
Line 33: Line 34:
         SSLCertificateFile    /etc/ssl/certs/server.crt         SSLCertificateFile    /etc/ssl/certs/server.crt
         SSLCertificateKeyFile /etc/ssl/certs/server.key         SSLCertificateKeyFile /etc/ssl/certs/server.key
-        SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem 
 </code> </code>
 +if you have a pem file add this line as well: 
 +  SSLCertificateChainFile /etc/ssl/certs/sub.class1.server.ca.pem
 +if you had to compile your package like shown above, you can use this line 
 +  SSLCACertificateFile "/ssl/bundle.crt"
 +
  
 now **reload apache** now **reload apache**
  • creating_valid_startssl_certificates.txt
  • Last modified: 27.10.2016 17:31
  • by Pascal Suter