Installation – Covalent Apache ERS v 2.4 or earlier

This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, VeriSign recommends that you contact Covalent.

Step 1: Install CA Certificate

Secure Site
If you are installing a Secure Site Certificate, you need to first install the Secure Site Intermediate CA Certificate.

Secure Site Pro
If you are installing a Secure Site Pro Certificate, you need to first install the Secure Site Pro Intermediate CA Certificate.

1. Copy the intermediate certificate into a text file and name it “intermediate.crt”. You can place this file in the same directory as your SSL Certificate. For example: /usr/local/ssl/crt

Step 2: Install the SSL Certificate

VeriSign will email you your certificate. If the certificate is an attachment (Cert.cer), you can use the file. If the certificate is in the body of the email, copy and paste it into a text file (such as OriginalCert.txt) using vi or Notepad. Do not use Microsoft Word or other word processing programs that may add characters. Confirm that there are no extra lines or spaces in the file. If necessary, move the file to the server machine.

1. After you receive your signed Server Certificate, copy it to a temporary directory.

2. Select Install CA Signed Certificate from the Covalent SSL Certificate and Key Management Tool. You are prompted for the path to the temporary directory that contains the signed server certificate file. Covalent SSL installs the signed server certificate:

The signed server certificate is stored in the directory /path/to/ssl1.5/certs. Its name is the same as it was as a temporary server certificate, yourserver.domain.cert (for example:

The process of signing your server certificate has no effect on your private key. It is necessary and valid for its corresponding server certificate. It is stored in the directory /path/to/ssl1.5/keys and is named yourserver.domain.key (for example:

3. In the Virtual Host settings for your site, in the httpd.conf file, you will need to add the following SSL directive:

SSLCACertificateFile /usr/local/ssl/crt/intermediate.crt

This directive specifies the location of the intermediate certificate. If you are using a different location or certificate file name than the example above (which most likely you are) you will need to change the path and/or filenames.

4. If your server is running, stop the server by executing: /path/to/apache1.3/bin/covalent-faststart-ctl stop

5. Start the server with Covalent SSL by executing: /path/to/apache1.3/bin/covalent-faststart-ctl startssl

During server start-up, you will be prompted to enter the pass phrase for the server certificate.

6. Back up the signed server certificate and store it with a backup of its corresponding private key.