Apache

The following commands are performed on commandline.

Please note: this manual may differ from your environment, depending on the Linux distribution used and your personal configurations.

When the request for your SSL certificate is completed, it will be sent to you in a zip file containing, at least, the following files:

  • The CA root certificate
  • One or more intermediate certificates
  • Your certificate
  • A readme file

The certificate will be installed on the server in the folder you indicate. While most Linux distributions use a default SSL folder, /etc/ssl/, it is recommended to create separate folders on your server where you save your certificates and your private keys. In this example, we use the folders /etc/ssl/certificates and /etc/ssl/keys.

Place your intermediate certificate and your own certificate in the certificates folder, and your private key in the keys folder.

If your SSL certificate was sent to you with multiple intermediate certificates, it is recommended to combine these into one file. This is done with the following command:

cat intermediatecert1.cer intermediatecert2.cer > intermediates.cer

Open the configuration file of the website for which the SSL certificate was requested. In this example, this file is located in /etc/apache2/sites-available/.

Add the following lines to your configuration file:

SSLEngine on

SSLCertificateFile /etc/ssl/certificates/www.example.com.cer

SSLCertificateKeyFile /etc/ssl/keys/www.example.com.key

SSLCertificateChainFile /etc/ssl/certificates/intermediates.cer

Save your configuration file. This will look similar to the following example:

<VirtualHost *:80>
ServerName www.testomgeving.net
ServerAdmin postmaster@testomgeving.net
DocumentRoot /var/www/www.testomgeving.net/public
ErrorLog ${APACHE_LOG_DIR}/testomgeving.error.log
CustomLog ${APACHE_LOG_DIR}/testomgeving.access.log combined
</VirtualHost>
<VirtualHost *:443>
ServerName www.testomgeving.net
ServerAdmin postmaster@testomgeving.net
DocumentRoot /var/www/www.testomgeving.net/public
ErrorLog ${APACHE_LOG_DIR}/testimgeving.error.log
CustomLog ${APACHE_LOG_DIR}/testomgeving.access.log combined
SSLEngine on
SSLCertificateFile /etc/ssl/certificaten/www.testomgeving.net.pem
SSLCertificateKeyFile /etc/ssl/keys/www.testomgeving.net.key
SSLCertificateChainFile /etc/ssl/certificaten/intermediate.pem
</VirtualHost>

Check the syntax of your configuration with a configtest:

apachectl configtest

Restart your Apache installation with the following command:

systemctl restart apache2

Your SSL certificate has been installed. To check whether the installation was performed succesfully, you can scan your website with our Quickscan.




 

Windows Server 2016 with IIS

Please note: Microsoft Windows Server 2016 needs an internet connection to check the validity of your certificate. If this check is not performed, the installation cannot be concluded properly.

Your SSL certificate will be sent to you by email. Save your certificate before you start the installation process.

The installation of your certificate is done entirely in IIS Manager.

Open IIS Manager, select your server from the Connections menu and select the menu option 'Server Certificates'. Go to the option 'Complete Certificate Request' in the Actions menu on the right side of the screen.

A new window will be opened. Select the correct certificate file. At the option 'Friendly Name', add a name to the certificate to allow for easier retrieval later. Next, click on 'OK'.

After the installation, the certificate will have been added to the Server Certificates list. Double-click on the certificate to view the details.

A new window will be opened. This will show all the details of your certificate, such as the common name, the validity, and by whom the certificate was issued. If the certificate was installed correctly, this window will also include the following message:

You have a private key that corresponds to this certificate.




 

DirectAdmin

The installation of the SSL certificate is done entirely in the DirectAdmin user panel.

When the request for your SSL certificate is completed, it will be sent to you in a zip file containing, at least, the following files:

  • The CA root certificate
  • One or more intermediate certificates
  • Your certificate
  • A readme file

Unzip the files in an easy-to-locate folder. Open your certificate file in a text editor such as Notepad and copy the contents in their entirety.

In the DirectAdmin user panel, go to the menu item 'Advanced Features' and click on 'SSL Certificates'. The input field will already contain an RSA private key. Select the option 'Paste a pre-generated certificate and key' and paste the contents of your certificate file directly underneath the RSA private key in the input field, taking care to not leave any blank lines in the input field. Click on 'save'.

Include the root certificate and all of the intermediate certificates that were included in your zip file. For this, go to 'SSL Certificate' once again. Under the input field where you just added the certificate, click on the sentence 'Click here to paste a root certificate' to go to the next window.

Tick the option 'Use a CA cert' at the top of the input field. Open the root certificate file in a text editor such as Notepad and copy the entire contents of the file into the input field. Do the same with all the intermediate certificates, again making sure to not leave any blank space at the bottom of the input field as well as between the certificates.

Click 'save' to save your certificates. Your certificate has now been installed.




 

NginX

The following commands are executed on commandline.

When the request for your SSL certificate is completed, it will be sent to you in a zip file containing, at least, the following files:

  • The CA root certificate
  • One or more intermediate certificates
  • Your certificate
  • A readme file

NginX uses a bundle file for the installation of your SSL certificate. Open a new file in a text editor, such as Notepad, and copy the entire contents of the certificate files into the new file, starting with the SSL certificate, followed by all the intermediate certificates and finally the root certificate of the CA. This will look as follows:

----BEGIN CERTIFICATE----
(SSL certificate)
----END CERTIFICATE----
----BEGIN CERTIFICATE----
(intermediate certificate)
----END CERTIFICATE----
----BEGIN CERTIFICATE----
(root certificate)
----END CERTIFICATE----

Save the new file as 'certificatebundle.crt' and upload it to the server. While most Linux distributions use a default SSL folder, /etc/ssl/, it is recommended to create separate folders on your server where you save your certificates and your private keys. In this example, we use the folders /etc/ssl/certificates and /etc/ssl/keys.

Open the Nginx Virtualhost file of the website where you want to install the certificate. In this example, we use the folder /etc/nginx/sites-available/.

Configure the file as follows:

server{
listen 443;
ssl on;
ssl_certificate /etc/ssl/certificates/certificatebundle.crt;
ssl_certificate_key /etc/ssl/keys/www.yourcommonname.com.key;
server_name yourdomainname.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/yourcommonname.com/public/;
index index.html;
}
}

The server can now be rebooted to load the new configuration using the following command:

/etc/init.d/nginx restart




 

Java

The following commands are executed on commandline.

When the request for your SSL certificate is completed, it will be sent to you in a zip file containing, at least, the following files:

  • The CA root certificate
  • One or more intermediate certificates
  • Your certificate
  • A readme file

Save the SSL certificate, all included intermediate certificates, and the root certificate on your server. Using commandline, navigate to the folder where the files were saved to import the certificates.

The following placeholders are used in the examples below:

  • Yourdomainname, replace this with the alias you gave during the creation of the CSR.
  • KeyStore.jks, if you entered an alias for the keystore during the creation of the CSR, replace this with the alias.
  • CArootfile.crt, replace this with the name of the root certificate file that was included with your SSL certificate.
  • Intermediate.crt, replace this with the name of the intermediate certificate file that was included with your SSL certificate.
  • www.yourcommonname.tld.crt, replace this with the common name of the SSL certificate.

Start with the root certificate. For this, use the following command:

keytool -import -trustcacerts -alias

yourdomainname_root -file CArootfile.crt -keystore KeyStore.jks

Next, import all the intermediate certificates that were included with your SSL certificate. Use the following command:

keytool -import -trustcacerts -alias

yourdomainname_intermediate -file intermediate.crt -keystore KeyStore.jks

When you received multiple intermediate certificates, you have to install all of them. For this, repeat the step outlined above, replacing 'intermediate.crt' with the name of the intermediate certificate file each time.

Finally, import the SSL certificate with the following command:

keytool -import -trustcacerts -alias

yourdomainname -file www.yourdomainname.tld.crt -keystore KeyStore.jks

Your server will now ask if the certificate can be trusted:

Trust this certificate?

Type 'yes' and press enter. The certificate will now be added to the keystore. Restart your server to complete the installation.




 

Exchange Server 2013 and 2016

When the request for your SSL certificate is completed, it will be sent to you in a zip file containing, at least, the following files:

  • The CA root certificate
  • One or more intermediate certificates
  • Your certificate
  • A readme file

Save your certificate in an easy to reach location on your server, such as the folder where you saved your CSR. This path will look like the following example:

\servercertificatesmycertificate.cer

Log in to your Exchange Admin Center environment. Go to the menu option 'Servers' and select the option 'Certificates' in the window on the right side of the screen. Select the friendly name that you entered during the CSR creation process from the table, and click on the button 'complete' on the right side of the screen under the header 'Status'.

A new window will open. In the input field, enter the path to the location of your certificate file. Click 'ok'. Return to the 'Certificates' menu. When your certificate was loaded successfully, the status behind the friendly name will have been changed to 'valid'.

Next, assign the certificate to the appropriate services. Select the friendly name again, and click on the edit icon in the menu directly above the table. A new window will open. Click on 'services' on the left side of the window, and select the services for which you want to use the certificate. You will be able to select any or all of the following options: SMTP, UM call router, IMAP, POP, and IIS. Click 'save'.

Your certificate has now been installed and assigned.




 

Exchange Server 2010

When the request for your SSL certificate is completed, it will be sent to you in a zip file containing, at least, the following files:

  • The CA root certificate
  • One or more intermediate certificates
  • Your certificate
  • A readme file

Save your certificate in an easy to reach location on your server, such as the folder where you saved your CSR. This path will look like the following example:

\servercertificatesmycertificate.cer

Log in to your Exchange Management Console. In the tree structure on the left side of the screen, open the header 'Microsoft Exchange On-premises' and click on 'Server Configuration'. Select the server on which you wish to install the certificate with your right mouse button. Select the option 'Complete pending request'.

A new window will open. Click 'Browse' and select your certificate file. Click 'complete'. A summary of your certificate will be shown on screen. Once the certificate has been loaded, the 'finish' button becomes usable. Click the button to complete the installation.

Next, assign the certificate to the appropriate services. Return to the tree structure on the left side of the screen, open the header 'Microsoft Exchange On-premises' and click on 'Server Configuration'. Select the server you just installed the certificate on in the middle section of the screen. In the menu to the right, click 'Assign Services to Certificate'.

A new window will open. Once the server has been loaded, click 'next'. Select the services for which you want to use the certificate. You can choose any or all of the following: IMAP, POP, SMTP, IIS, and Unified Messaging. Click 'next'.

A summary of your services is shown on screen. Click 'Assign'. A new window might pop up with a warning that the current certificate will be overwritten. Click on 'yes to all'. Once the services have been assigned, you will once again be shown a summary. Click the 'finish' button to complete the process.

Your certificate has now been installed and assigned.

Personal

Personal

We are always looking for a customised solution, and, if necessary, pay you a visit.
Reachable

Reachable

We are always reachable through one of our communication channels.
Safety first

Safety first

We always look for solutions based on the best security.
No nonsense

No nonsense

We continue to learn so we can help you again and again with your digital security.
SSL, CODE SIGNING & DIGITAL IDS
Digital Security