How to Install Certum SSL certificate

Steps to Install Certum SSL Certificate on Apache web server

Certum SSL CertificateInitial Instruction Please complete this checklist before installing Certum SSL Certificate on Apache Web server.

  • Buy/renew Certum SSL Certificate
  • Generate CSR with SHA-2 algorithm
  • Save the CSR & Private key file on your server directory
  • Apply for SSL Certificate Issuance
  • Submit SSL issuance Documents as per Certum’s requirement (Only for OV & EV Certificate issuers)

Step 1: Save Certum SSL Certificate Files

After payment and document verification process Certum will send you the SSL Certificate file which certificate files are server certificate, root certificate and intermediate certificate. Store these all files on your Apache server directory.

Make sure these files must keep in separate directories where only Apache have permission to read, For Example – The location on SSL key file is /etc/ssl/ssl.key and the location of the Server Certificate and CA-Bundle Files are – /etc/ssl/ssl.crt)

Above file locations and name we’ve used are just for illustration purpose, you can use your own own unique name and file locations.

Step 2: Download CA bundle Files

CA-bundles are required to install SSL Certificate. CA-Bundle files should be different based on the type of your SSL certificate (Either Domain, Organization or Extended Validation SSL certificate). Check below table to download CA-bundle file.

SSL Certificate File Type CA-Bundle Source
Domain Validation SSL – SHA-2 https://repository.certum.pl/bundles/DVSSLChain-SHA2.crt
Extended Validation SSL – SHA-2 https://repository.certum.pl/bundles/EVSSLChain-SHA2.crt
Organization Validation – SHA-2 https://repository.certum.pl/bundles/OVSSLChain-SHA2.crt

 

Step 3: SSL Configuration file (HTTPD.CNF) modification

  • Open the cnf file using any text editor (E.G Notepad).
  • In the virtual host section add following lines to add information about the domain which you wish to secure using SSL certificate.
      • SSLEngine on
      • SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
      • SSLCertificateFile /etc/ssl/ssl.crt/domain.crt
      • SSLCertificateChainFile /etc/ssl/ssl.crt/domain.ca-bundle

    For older Apache version use SSLCACertificateFile instead of SSLCertificateChainFile.

    • SSLProtocol all
    • SSLHonorCipherOrder On (Ciphers use order in server)
    • SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS (To set up the priority to the strong ciphers & also disabling the weak ciphers as well.)
  • Save the httpd.cnf file.
  • Restart your Apache Server.

Your SSL Certificate is now installed on your Apache Web Server.

Note: File names such as server.key, domain.crt, and domain.ca-bundle are used for illustration purpose only. You have to use your own certificate file names.

Resources and Other Installation Guides