Apache via Ensim Webappliance 3.1.x

Step by Step Instructions

Step one: Loading the Site Certificate

You will receive an email from Digi-Sign with the certificate in the email (yourdomainname.cer). When viewed in a text editor, your certificate will look something like:



    -----BEGIN CERTIFICATE-----
    MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
    (.......)
    K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
    -----END CERTIFICATE-----



Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labelled private.key and the public key will be yourdomainname.cer.

It is recommended that you make the directory that contains the private key file only readable by root.

Login to the Administrator console and select the site that the certificate was requested for.

Select Services, then Actions next to Apache Web Server and then SSL Settings. There should already be a 'Self Signed' certificate saved.

IMAGE



Select 'Import' and copy the text from the yourdomainname.cer file into the box

IMAGE



Select 'Save', the status should now change to successful.

IMAGE



Logout, do not select delete as this will delete the installed certificate.

Step two: Install the Intermediate/Root Certificates

You will need to install the Intermediate and Root certificates in order for browsers to trust your certificate. As well as your SSL certificate ( yourdomainname.cer) two other certificates, named UTN-USERFirst-Hardware.crt and Digi-SignCADigi-SSLXp.crt or
Digi-SignCADigi-SSLXs.crt, are also attached to the email from Digi-Sign. Apache users will not require these certificates. Instead you can install the intermediate certificates using a 'bundle' method.

    Download a Bundled cert file

    In the Virtual Host settings for your site, in the virtual site file, you will need to add the following SSL directives. This may be achieved by:

      1. Copy this ca-bundle file to the same directory as the certificate (this contains all of the ca certificates in the Digi-Sign chain, except the yourdomainname.cer).

      2. Add the following line to the virtual host file under the virtual host domain for your site (assuming /etc/httpd/conf is the directory mentioned in 1.), if the line already exists amend it to read the following:

    SSLCACertificateFile /etc/httpd/conf/ca-bundle/ca_new.txt

    If you are using a different location and certificate file names you will need to change the path and filename to reflect this.
    The SSL section of the updated virtual host file should now read similar to this example (depending on your naming and directories used):

    Save your virtual host file and restart Apache.
    You are now all set to start using your Digi-Sign certificate with your Apache Ensim configuration.