how to install a commercial ssl certificate

I have a rapid ssl certificate and I need to know where I can find step by step instructions to install my certificate.

I'm a newb. I followed instructions in linode and still no ssl. The instructions do not include all information. I need all information including ca bundle info. Do I need to install ca bundle to make it work? Tired of getting error record too long and handshake errors. Don't want to work on the errors just the solutions. The solution for me is to get full instructions for installing a purchased ssl certificate, not instructions for requesting a commercial certificate, not instructions for openssl to generate a certificate.

I deleted the ssl info from host file and will be starting from scratch. If you have a link with all the info I need it would be appreciated. I know it's not hard just need complete and correct instructions for a newb. 8)

5 Replies

Since you didn't include any information about your desired usage for the certificate (Web? SSL e-mail? something else?), server, platform, distribution, or setup, I'll guess:

http://www.rapidssl.com/ssl-certificate-support/install-ssl-certificate/apachemod_ssl.htm

http://httpd.apache.org/docs/2.0/mod/mod_ssl.html

You might need this:

http://www.geotrust.com/resources/rootcertificates/certificates/EquifaxSecureCertificate_Authority.cer

If my guess is wrong, look here:

http://www.rapidssl.com/ssl-certificate-support/install-ssl-certificate/index.htm

It's a RapidSSL certificate. This is the error code I get now. Thanks for the links. I still get an SSL error. Do you know how I can fix this problem? This is the info from my error logs.

[error] Invalid method in request \x16\x03\x01

[error] Invalid method in request \x16\x03\x01

Folks will be able to help you better if you provide more information. Here's a start:

  1. What Web server are you using? (I'm guessing Apache.) What version?

  2. What distribution of Linux?

  3. What browser are you using to try the certificate?

  4. Can you show us your configuration?

Server is Apache 2.2.15

Distribution - Ubuntu 9.10 Karmic

The browsers are Chrome, Firefox and IE 8. Firefox gives error record too long and the other 2 browsers msg site not available. My site works with http but not https.

Nothing in httpd.conf and no ssl.conf file. The file locations have changed and most of the apache websites haven't updated their instructions or new file locations. The new apache releases changed the file locations. This is why most instructions are obsolete, except Linode's instructions for installing commercial ssl. Linode's instructions are very easy to follow, this is why I was surprised when it didn't work.


/etc/apache2/sites-available/yxx.com

```
SSLEngine On
SSLCertificateFile /etc/apache2/ssl/www.yxx.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.yxx.key
SSLCACertificateFile /etc/apache2/ssl/rapidssl.cer
ServerAdmin webmaster@localhost.com
ServerName www.yxx.com
DocumentRoot /home/abcd/public_html/
ErrorLog /var/log/apache2/error.log
TransferLog /var/log/apache2/access.log

ServerAdmin webmaster@localhost.com
ServerName www.yxx.com
DocumentRoot /home/abcd/public_html/
ErrorLog /var/log/apache2/error.log
TransferLog /var/log/apache2/access.log
```


/etc/apache2/ports.conf

```
NameVirtualHost *443
NameVirtualHost *80
Listen 80

# SSL name based virtual hosts are not yet supported, therefore no
# NameVirtualHost statement here
Listen 443

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default
# This is also true if you have upgraded from before 2.2.9-3 (i.e. from
# Debian etch). See /usr/share/doc/apache2.2-common/NEWS.Debian.gz and
# README.Debian.gz
```


/etc/apache2/apache2.conf

```
# Based upon the NCSA server configuration files originally by Rob McCool.
#
# This is the main Apache server configuration file. It contains the
# configuration directives that give the server its instructions.
# See http://httpd.apache.org/docs/2.2/ for detailed information about
# the directives.
#
# Do NOT simply read the instructions in here without understanding
# what they do. They're here only as hints or reminders. If you are unsure
# consult the online docs. You have been warned.
#
# The configuration directives are grouped into three basic sections:
# 1. Directives that control the operation of the Apache server process as a
# whole (the 'global environment').
# 2. Directives that define the parameters of the 'main' or 'default' server,
# which responds to requests that aren't handled by a virtual host.
# These directives also provide default values for the settings
# of all virtual hosts.
# 3. Settings for virtual hosts, which allow Web requests to be sent to
# different IP addresses or hostnames and have them handled by the
# same Apache server process.
#
# Configuration and logfile names: If the filenames you specify for many
# of the server's control files begin with "/" (or "drive:/" for Win32), the
# server will use that explicit path. If the filenames do not begin
# with "/", the value of ServerRoot is prepended -- so "/var/log/apache2/foo.log"
# with ServerRoot set to "" will be interpreted by the
# server as "//var/log/apache2/foo.log".
#
# Section 1: Global Environment
#
# The directives in this section affect the overall operation of Apache,
# such as the number of concurrent requests it can handle or where it
# can find its configuration files.
#
#
# ServerRoot: The top of the directory tree under which the server's
# configuration, error, and log files are kept.
#
# NOTE! If you intend to place this on an NFS (or otherwise network)
# mounted filesystem then please read the LockFile documentation (available
# at http://httpd.apache.org/docs-2.1/mod/mpm_common.html#lockfile);
# you will save yourself a lot of trouble.
#
# Do NOT add a slash at the end of the directory path.
#
ServerRoot "/etc/apache2"
#
# The accept serialization lock file MUST BE STORED ON A LOCAL DISK.
#
# LockFile /var/lock/apache2/accept.lock
#
# PidFile: The file in which the server should record its process
# identification number when it starts.
# This needs to be set in /etc/apache2/envvars
#
PidFile ${APACHEPIDFILE}
#
# Timeout: The number of seconds before receives and sends time out.
#
Timeout 300
#
# KeepAlive: Whether or not to allow persistent connections (more than
# one request per connection). Set to "Off" to deactivate.
#
KeepAlive On
#
# MaxKeepAliveRequests: The maximum number of requests to allow
# during a persistent connection. Set to 0 to allow an unlimited amount.
# We recommend you leave this number high, for maximum performance.
#
MaxKeepAliveRequests 100
#
# KeepAliveTimeout: Number of seconds to wait for the next request from the
# same client on the same connection.
#
KeepAliveTimeout 15
#
# Server-Pool Size Regulation (MPM specific)
#

# prefork MPM
# StartServers: number of server processes to start
# MinSpareServers: minimum number of server processes which are kept spare
# MaxSpareServers: maximum number of server processes which are kept spare
# MaxClients: maximum number of server processes allowed to start
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 5
MinSpareServers 5
MaxSpareServers 10
MaxClients 150
MaxRequestsPerChild 0

# worker MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 2
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxClients 150
MaxRequestsPerChild 0

# event MPM
# StartServers: initial number of server processes to start
# MaxClients: maximum number of simultaneous client connections
# MinSpareThreads: minimum number of worker threads which are kept spare
# MaxSpareThreads: maximum number of worker threads which are kept spare
# ThreadsPerChild: constant number of worker threads in each server process
# MaxRequestsPerChild: maximum number of requests a server process serves
StartServers 2
MaxClients 150
MinSpareThreads 25
MaxSpareThreads 75
ThreadLimit 64
ThreadsPerChild 25
MaxRequestsPerChild 0

# These need to be set in /etc/apache2/envvars
User ${APACHERUNUSER}
Group ${APACHERUNGROUP}
#
# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives. See also the AllowOverride
# directive.
#
AccessFileName .htaccess
#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
Order allow,deny
Deny from all
#
# DefaultType is the default MIME type the server will use for a document
# if it cannot otherwise determine one, such as from filename extensions.
# If your server contains mostly text or HTML documents, "text/plain" is
# a good value. If most of your content is binary, such as applications
# or images, you may want to use "application/octet-stream" instead to
# keep browsers from trying to display binary files as though they are
# text.
#
DefaultType text/plain
#
# HostnameLookups: Log the names of clients or just their IP addresses
# e.g., www.apache.org (on) or 204.62.129.132 (off).
# The default is off because it'd be overall better for the net if people
# had to knowingly turn this feature on, since enabling it means that
# each client request will result in AT LEAST one lookup request to the
# nameserver.
#
HostnameLookups Off

# ErrorLog: The location of the error log file.
# If you do not specify an ErrorLog directive within a <VirtualHost>
# container, error messages relating to that virtual host will be
# logged here. If you do define an error logfile for a <VirtualHost>
# container, that host's errors will be logged there and not here.
#
ErrorLog /var/log/apache2/error.log
#
# LogLevel: Control the number of messages logged to the error_log.
# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
#
LogLevel warn

# Include module configuration:
Include /etc/apache2/mods-enabled/*.load
Include /etc/apache2/mods-enabled/*.conf

# Include all the user configurations:
Include /etc/apache2/httpd.conf

# Include ports listing
Include /etc/apache2/ports.conf
#
# The following directives define some format nicknames for use with
# a CustomLog directive (see below).
# If you are behind a reverse proxy, you might want to change %h into %{X-Forwarded-For}i
#
LogFormat "%v:%p %h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" vhost_combined
LogFormat "%h %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" combined
LogFormat "%h %l %u %t \"%r\" %>s %O" common
LogFormat "%{Referer}i -> %U" referer
LogFormat "%{User-agent}i" agent
#
# Define an access log for VirtualHosts that don't define their own logfile
CustomLog /var/log/apache2/othervhostsaccess.log vhost_combined

# Include of directories ignores editors' and dpkg's backup files,
# see README.Debian for details.

# Include generic snippets of statements
Include /etc/apache2/conf.d/

# Include the virtual host configurations:
Include /etc/apache2/sites-enabled/
```


Hope you can figure it out. Thanks

:idea:

I had to delete default-ssl. Now it works
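The two symptoms reported in this thread, `Invalid method in request \x16\x03\x01` in the Apache log and Firefox's "record too long", both indicate a TLS client reaching a listener on port 443 that is answering in plain HTTP. The Python sketch below is an added example, not code from any poster; it decodes the logged bytes as a TLS record header and shows why a plaintext reply looks like an oversized record. The second log line and the plaintext reply are constructed samples.

```python
import re

# Constructed sample: first line copies the thread's log entry, second is filler.
SAMPLE_LOG = [
    r"[error] Invalid method in request \x16\x03\x01",
    r"[error] File does not exist: /home/abcd/public_html/favicon.ico",
]
CONTENT_TYPES = {20: "change_cipher_spec", 21: "alert",
                 22: "handshake", 23: "application_data"}
MAX_RECORD_LEN = 2**14 + 2048  # largest TLSCiphertext length (RFC 5246)


def unescape(text):
    """Turn the \\xNN escapes Apache writes to its error log back into bytes."""
    return re.sub(rb"\\x([0-9a-fA-F]{2})",
                  lambda m: bytes([int(m.group(1), 16)]),
                  text.encode("latin-1"))


def parse_record_header(data):
    """Read bytes as a TLS record header: type (1), version (2), length (2)."""
    return {
        "type": CONTENT_TYPES.get(data[0], "unknown") if data else "unknown",
        "version": (data[1], data[2]) if len(data) >= 3 else None,
        "length": int.from_bytes(data[3:5], "big") if len(data) >= 5 else None,
    }


def tls_sent_to_plain_http(log_line):
    """True when Apache logged the start of a TLS handshake as an HTTP method."""
    m = re.search(r"Invalid method in request (.*)$", log_line)
    if not m:
        return False
    hdr = parse_record_header(unescape(m.group(1)))
    return hdr["type"] == "handshake" and bool(hdr["version"]) and hdr["version"][0] == 3


def record_too_long(first_bytes):
    """True when a TLS client reading these bytes as a record sees an oversized length."""
    hdr = parse_record_header(first_bytes)
    return hdr["length"] is not None and hdr["length"] > MAX_RECORD_LEN


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(tls_sent_to_plain_http(line), line)
    # Constructed plaintext reply, as a non-SSL vhost on port 443 might send.
    print(record_too_long(b"HTTP/1.1 400 Bad Request\r\n"))
```

When the first check fires for traffic on port 443, the thing to inspect is which virtual host is actually bound to that port and whether it has `SSLEngine On`.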
