Toll Free: 800-892-7095

Install SSL Certificate: Apache with EV

Important! In order for your EV SSL Certificate to function properly, you must install two (2) GeoTrust EV Intermediate Certificates on your Web server in addition to the EV server certificate. However, Apache requires the installation of the two EV Intermediate CA certificates as a single file. For your convenience, GeoTrust offers the EV Intermediate CA's as a bundle which includes both the Primary and the Secondary EV Intermediate CA Certificates merged together in a single file. To avoid any issue with installation, please ensure that you complete ALL steps below.

Step 1: Install Intermediate CA Certificate Bundle

Copy the EV intermediate CA Bundle into a text file and name it ev_intermediate.crt. This file can be placed in the same directory as your EV SSL Certificate such as /usr/local/ssl/crt (yours may be different).

Step 2: Install the EV SSL Server Certificate

Your SSL server certificate will be sent to you by email. The email message includes the server certificate that you purchased in the body of the email message. It will be labled "Server Certificate (public key)". It is also downloadable from your SSL Manager account (recommended). Copy the certificate from the body of the email and paste it into a simple text editor, such as Vi or Notepad (do not use MS Word).
Save the server certificate as public.crt to the Apache server directory in which you plan to store your certificates, such as /usr/local/ssl/crt (yours may be different). Note that it doesn't matter what you call the file as long as you reference that same file name later in your Apache httpd.conf file.

Step 3: Configure the Server

Open the Apache httpd.conf file in a text editor.
Locate the SSL VirtualHost container associated with your certificate. Verify that you have the following three directives within this virtual host. Please add them if they are not present.

SSLCertificateFile /usr/local/ssl/crt/public.crt SSLCertificateKeyFile /usr/local/ssl/private/private.key SSLCACertificateFile /usr/local/ssl/crt/ev_intermediate.crt
The first directive tells Apache how to find the server certificate file, the second one where the private key is located, and the third line the location of the intermediate certificate bundle.

If you are using a different location and certificate file names than the example above (which most likely you are) you will need to change the path and filename to reflect your server.

Note: Some instances of Apache contain both a httpd.conf and ssl.conf file. Please enter or amend the httpd.conf or the ssl.conf with the above directives. Do not enter both as there will be a conflict and Apache may not start.
Save the changes and exit the editor.
After making changes to your config file it is good practice to check the file for syntax errors using apachectl configtest. The command will return Syntax Ok if there are no errors.
Restart your apache web server:
apachectl stop
apachectl start

Troubleshooting/Testing

New To verify if your certificate is installed correctly, use the GeoTrust Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon Browser padlock will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.

Disclaimer: GeoCerts has made efforts to ensure the accuracy and completeness of the information in this document. However, GeoCerts makes no warranties of any kind (whether express, implied or statutory) with respect to the information contained herein. GeoCerts assumes no liability to any party for any loss or damage (whether direct or indirect) caused by any errors, omissions, or statements of any kind contained in this document. Further, GeoCerts assumes no liability arising from the application or use of the product or service described herein and specifically disclaims any representation that the products or services described herein do not infringe upon any existing or future intellectual property rights. Nothing herein grants the reader any license to make, use, or sell equipment or products constructed in accordance with this document. Finally, all rights and privileges related to any intellectual property right described herein are vested in the patent, trademark, or service mark owner, and no other person may exercise such rights without express permission, authority, or license secured from the patent, trademark, or service mark owner. GeoCerts reserves the right to make changes to any information herein without further notice.

Our Customers

(see more)