Install SSL Certificate IBM HTTP Server with EV

Important! In order for your EV SSL Certificate to function properly, you must install two (2) GeoTrust EV Intermediate CA Certificates on your Web server in addition to the EV server certificate. To avoid any issue with installation, please ensure that you complete ALL steps below.

Step 1: Install the GeoTrust Extended Validation SSL CA Root

1. Copy the GeoTrust Extended Validation SSL CA into Notepad or Vi (do not use Word) and save it as EV_root.txt .
2. Start the key management utility (iKeyman).
3. Open the key database file that was used to create the certificate request.
4. Enter the password, and then click OK.
5. Select Signer Certificates and then click Add.
6. Click Data type, and select Base64-encoded ASCII data.
7. Browse to select the file EV_root.txt you saved in the first step above. Click OK.
8. Enter a label for the importing certificate (GeoTrust Extended Validation Root). Click OK. The Signer Certificates field displays the label of the signer certificate you added.

Step 2: Install the GeoTrust Primary Certification Authority Certificate

1. Copy the GeoTrust Primary Certification Authority into Notepad or Vi (do not use Word) and save it as EV_intermediate.txt.
2. Start the key management utility (iKeyman).
3. Open the key database file that was used to create the certificate request.
4. Enter the password, and then click OK.
5. Select Signer Certificates and then click Add.
6. Click Data type, and select Base64-encoded ASCII data.
7. Browse to select the file EV_intermediate.txt you saved in the first step above. Click OK.
8. Enter a label for the importing certificate (GeoTrust Extended Validation Intermediate CA Certificate). Click OK. The Signer Certificates field displays the label of the signer certificate you added.

Step 3: Install the EV SSL Certificate

1. Your SSL server certificate will be sent to you by email. The email message includes the server certificate that you purchased in the body of the email message. It will be labled "Server Certificate (public key)". It is also downloadable from your SSL Manager account (recommended). Copy the certificate from the body of the email and paste it into a simple text editor, such as Vi or Notepad (do not use MS Word).
   
   
2. Save the file to your server as public.txt.
3. In the Key Management panel, go to the pull-down menu and select Personal Certificates. Since your new web server certificate is now a text file, select Base64-ASCII encoded data type and change the "*.arm" type to "*.txt" file type. Hit the Receive button and browse to and select your web server certificate file you saved as public.txt. This certificate should immediately show up in the list of Personal Certificates. You can View/Edit to verify your certificate.
4. Add the desired/required modules to complete your server configuration, including setting up SSL Port 443.
5. Check your httpd.conf configuration to verify the path to the appropriate key file ("key.db").
6. Stop, and then Start your IBM HTTP Server.

Troubleshooting/Testing

To verify if your certificate is installed correctly, use the GeoTrust Certificate Installation Checker.

Test your SSL certificate by using a browser to connect to your server. Use the https protocol directive. For example, if your SSL was issued to secure.mysite.com, enter https://secure.mysite.com into your browser.

Your browser's padlock icon will be displayed in the locked position if your certificate is installed correctly and the server is properly configured for SSL.