Installation

Installing your Digi-SSL™ Certificate

You will receive 2 Certificates from Digi-Sign. When viewed in a text editor, these certificates will look something like:

    -----BEGIN CERTIFICATE-----
    MIAGCSqGSIb3DQEHAqCAMIACAQExADALBgkqhkiG9w0BBwGggDCCAmowggHXAhAF
    UbM77e50M63v1Z2A/5O5MA0GCSqGSIb3DQEOBAUAMF8xCzAJBgNVBAYTAlVTMSAw
    (.......)
    E+cFEpf0WForA+eRP6XraWw8rTN8102zGrcJgg4P6XVS4l39+l5aCEGGbauLP5W6
    K99c42ku3QrlX2+KeDi+xBG2cEIsdSiXeQS/16S36ITclu4AADEAAAAAAAAA
    -----END CERTIFICATE-----

Save/upload these Certificates to the web server configuration directory (or other safe directory on the server hard drive that you will be using to hold your certificates). In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.cer.

It is recommended that you make the directory that contains the private key file only readable by root.

1.2.2 Installing the CA Chain file containing the Root & Intermediate Certificates

You will need to install the chain certificates (root and intermediates) in order for browsers to trust your certificate.

As well as your Digi-SSL™ certificate (yourdomainname.cer), two other certificates, named UTN-USERFirst-Hardware.crt and Digi-SignCADigi-SSLXp.crt or Digi-SignCADigi-SSLXs.crt, might also be attached to the email from Digi-Sign.

Apache users will not require these certificates. Instead you can install the root and intermediate certificates (CA Chain) using a 'bundle' file method. The CA 'bundle' file - in most cases will be attached to the email from Digi-Sign, however you can also download it from the following URLs:

CA Bundle for Digi-Acess™ setup with Digi-SSL™ Xp CA:
http://www.digi-sign.com/downloads/certificates/digi-access/BundledCAXp.pem

CA Bundle for Digi-Acess™ setup with Digi-SSL™ Xs CA:
http://www.digi-sign.com/downloads/certificates/digi-access/BundledCAXs.pem

In the Virtual Host settings for your site, in the httpd.conf file (or other file where you keep your Virtual Host configuration), you will need to complete the following:

    1. Copy the ca-bundle file to the same directory as httpd.conf (this contains all of the CA certificates in the chain

    2. Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf is the directory to where you have copied the BundledCA.cer file). If the line already exists amend it to read the following:
    SSLCACertificateFile /etc/httpd/conf/ca-bundle/BundledCA.cer

If you are using a different location and certificate file names you will need to change the path and filename to reflect your server.
The SSL section of the updated httpd config file should now read similar to this example (depending on your naming and directories used):

    SSLCertificateFile /etc/ssl/crt/yourdomainname.cer

    SSLCertificateKeyFile /etc/ssl/crt/private.key

    SSLCACertificateFile /etc/httpd/conf/ca-bundle/BundledCA.cer

Important: Save your httpd.conf file and restart Apache.