Menu
picture of tbs certificates
picture of tbs certificates
Certificates
Our products range
Partners
Support
Focus


Install a certificate for Apache release 2 OVH (base gentoo)

You received your certificate by email with one or several intermediate certificates and a root certificate. Keep this email within reach.

1- Retrieve your certificate(s) on your server

Go back where the private key has been generated, for example:
cd /etc/httpd/ssl.crt
or
cd /usr/local/apache/conf/ssl.key
In the delivery email you'll find several links. Click on them and download the associated files:
  • A: your server certificate
  • B: the certification chain

2- Set up Apache

Edit your Apache 2 configuration file:
/etc/httpd/ssl.conf
If there is just one certificate on this machine, spot the section beginning with:
<VirtualHost _default_:443>
In order to serve your content, edit the line as you wish: DocumentRoot and ServerName

and edit the following instructions to mahke them point to your files:
# SSL configuration
# 128-bit mini PFS favored
#SSLCipherSuite !EDH:!ADH:!DSS:!RC2:HIGH:MEDIUM:+3DES:+RC4
# 128-bit maximal security
SSLCipherSuite !EDH:!ADH:!DSS:!RC4:HIGH:+3DES

SSLProtocol all -SSLv2 -SSLv3
# your server certificate(A)
SSLCertificateFile    /etc/httpd/ssl.crt/cert-0000000000-1234.cer
# your private key (previously generated)
SSLCertificateKeyFile /etc/httpd/ssl.key/www.example.com.key


For the certification chain (B), add:
SSLCertificateChainFile /etc/httpd/ssl.crt/chain-0000000000-1234.txt 
See SSLCertificateChainFile

3- Restart Apache and run a test

Once setted up, restart the Apache server.
/etc/init.d/apache restart
If it does not restart verify the SSL log (for any syntax error): /var/log/httpd/.

Check the access of your website's secured pages with IE 6 and Firefox.

External links

Recap example

<VirtualHost 192.2.0.20:443>
DocumentRoot "/home/virtual/www"
ServerName www.virtualhost.com
SSLEngine on
SSLCipherSuite !EDH:!ADH:!DSS:!RC4:HIGH:+3DES
SSLProtocol ALL -SSLv2 -SSLv3
SSLCertificateFile "/usr/local/apache/conf/ssl.crt/www.virtualhost.com.crt"
SSLCertificateKeyFile "/usr/local/apache/conf/ssl.key/www.virtualhost.com.key"
SSLCACertificateFile "/usr/local/apache/conf/ssl.crt/thawteintermediate.crt"
</VirtualHost>