1

I've recently purchased a wildcard SSL certificate for my domain, generated the CSR, and everything has been sent through OK.

My question is quite straightforward, but following this - http://www.globalsign.com/support/install/install_apache.php, I can't make any sense of what to match to what.

Basically - I have 5 files:

 - gs_intermediate_ca.crt
 - gs_root.pem
 - mydomain.com.crt
 - intermediate.pem
 - *.mydomain.com.key

The Values:

    SSLCACertificateFile = ?
    SSLCertificateChainFile = ?
    SSLCertificateFile = mydomain.com.crt
    SSLCertificateKeyFile = ?

I'm new to this, any help would be greatly appreciated! Thanks

Edit >> Using the Answers below! Cheers,

I'm now receiving the following errors:

    [error] Init: Unable to read server certificate from file /etc/apache2/domain.ssl/domain.ssl.crt/domain.com.crt
    [error] SSL Library Error: 218529960 error:0D0680A8:asn1 encoding routines:ASN1_CHECK_TLEN:wrong tag
    [error] SSL Library Error: 218595386 error:0D07803A:asn1 encoding routines:ASN1_ITEM_EX_D2I:nested asn1 error

My vHost now looks like so:

    SSLCertificateFile /etc/apache2/domain.ssl/domain.ssl.crt/domain.com.crt
    SSLCertificateKeyFile /etc/apache2/domain.ssl/domain.ssl.key/domain.com.key
    SSLCertificateChainFile /etc/apache2/domain.ssl/ca.crt
    SSLCACertificateFile /etc/apache2/domain.ssl/gs_intermediate_ca.crt

Any idea where these errors can be coming from - is there a check I can run on the .crt file?

Kind regards

1
  • *.mydomain.com.key - is that really a file name? If so I'd remove *. Commented Sep 29, 2011 at 14:39

2 Answers 2

1

That doc is definitely confusing. My guess:

    SSLCACertificateFile = /path/to/gs_intermediate_ca.crt
    SSLCertificateChainFile = /path/to/chain_file
    SSLCertificateFile = /path/to/mydomain.com.crt
    SSLCertificateKeyFile = /path/to/mydomain.com.wildcard.key

You should put all files outside the DocumentRoot and protect them with ownership/permissions. (I usually store certs in /etc/apache2/ssl and set ownership to root:root, permissions to 400.)

EDIT: You should download a combined chain ("bundle") file here: http://www.globalsign.com/support/intermediate-root-install.php

Scroll to GlobalSign Root Bundle Certificates.

3
    SSLCertificateFile mydomain.com.crt
    SSLCertificateKeyFile mydomain.com.key

For SSLCertificateChainFile, you'll make a new file. Combine the intermediate and root certificates into one file formatted like this:

    -----BEGIN CERTIFICATE-----
    (intermediate certificate's base64 data here)
    -----END CERTIFICATE-----
    -----BEGIN CERTIFICATE-----
    (root certificate's base64 data here)
    -----END CERTIFICATE-----

And point SSLCertificateChainFile at that.

1
  • +1 Essentially the same solution, but alternate method, without a ton of edits :-) Commented Sep 29, 2011 at 17:07
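
Added example, not part of the question or either answer: a structural pre-check in Python for the files discussed on this page, to run before pointing SSLCertificateFile or SSLCertificateChainFile at them. It reports whether a file holds PEM CERTIFICATE blocks whose base64 decodes to a DER SEQUENCE, and builds the chain file in the intermediate-then-root order from the second answer. The function names and the tiny sample blocks are constructed for illustration; the samples are not real certificates, and nothing here validates signatures or certificate fields.

```python
import base64
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def pem_blocks(text):
    """Return [(label, der_bytes)]; der_bytes is b'' when the body is not valid base64."""
    blocks = []
    for label, body in PEM_RE.findall(text):
        try:
            blocks.append((label, base64.b64decode("".join(body.split()), validate=True)))
        except ValueError:
            blocks.append((label, b""))
    return blocks

def der_sequence_ok(der):
    """True if der is exactly one ASN.1 SEQUENCE (tag 0x30) whose length field fits the data."""
    if len(der) < 2 or der[0] != 0x30 or der[1] == 0x80:
        return False
    n = der[1] & 0x7F if der[1] >= 0x80 else 0   # long form: n length bytes follow
    length = int.from_bytes(der[2:2 + n], "big") if n else der[1]
    return 2 + n + length == len(der)

def lint_cert_file(text, expect=1):
    """List the reasons text would not load as `expect` PEM certificates (empty list = OK)."""
    blocks = pem_blocks(text)
    if not blocks:
        return ["no PEM block found (empty, binary DER, or damaged BEGIN/END lines)"]
    problems = []
    for i, (label, der) in enumerate(blocks, 1):
        if label != "CERTIFICATE":
            problems.append(f"block {i} is '{label}', not CERTIFICATE")
        elif not der_sequence_ok(der):
            problems.append(f"block {i}: body is not base64 of a single DER SEQUENCE")
    if len(blocks) != expect:
        problems.append(f"expected {expect} block(s), found {len(blocks)}")
    return problems

def build_chain(intermediate_pem, root_pem):
    """Concatenate intermediate then root (the order in the answer), refusing bad inputs."""
    for name, pem in (("intermediate", intermediate_pem), ("root", root_pem)):
        if lint_cert_file(pem):
            raise ValueError(f"{name}: {'; '.join(lint_cert_file(pem))}")
    return intermediate_pem.strip() + "\n" + root_pem.strip() + "\n"

# Constructed stand-ins (tiny DER SEQUENCEs in PEM armour), not real certificates.
INTERMEDIATE = "-----BEGIN CERTIFICATE-----\nMAMCAQE=\n-----END CERTIFICATE-----\n"
ROOT = "-----BEGIN CERTIFICATE-----\nMAMCAQI=\n-----END CERTIFICATE-----\n"
KEY_BY_MISTAKE = "-----BEGIN PRIVATE KEY-----\nMAMCAQA=\n-----END PRIVATE KEY-----\n"
```

For a full parse of a real certificate, `openssl x509 -in mydomain.com.crt -noout -text` prints its fields if the file is a well-formed certificate.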
