Help with installing EV SSL?


#1

I’ve got a client with a newly purchased EV SSL from Comodo and need some help installing. Our normal systems admin guy is away at the moment.

Any takers? I’ve read the FAQ and it’s not hugely helpful.

Thanks


#2

To install a Secure Site Pro EV SSL certificate on an Apache Server, follow these steps:

IMPORTANT:

In order for your EV SSL Certificate to function properly, you must install a Symantec EV Intermediate CA Certificate on your Web server.

To avoid any issue with installation, please ensure that you complete Step 1: Install Intermediate CA Certificate.

Step 1: Install Intermediate CA Certificate

Obtain the EV intermediate CA certificate

From the list below, select the appropriate CA certificate based on your SSL certificate product:

Secure Site Pro with Extended Validation CA

Secure Site Pro with Extended Validation 30 Day Risk Free Production Trial CA

To follow the Apache naming convention, rename the Intermediate CA file with a .crt extension. For example, intermediate.crt.
Place the Intermediate CA file in the same directory as your SSL Certificate. For example, /usr/local/ssl/crt.

Step 2: Install SSL Certificate

Obtain your EV SSL Certificate using one of the following methods:

From the Approval email as a cert.cer attachment. If the attachment has been stripped from the email, retrieve the certificate from the body of the Approval email. For instructions on retrieving the certificate from the body of the email see solution SO2132
Download the Certificate from your account

To download your Secure Site Pro EV Certificate from your Symantec Trust Center account, see solution SO8061

To follow the naming convention for Apache, rename the certificate file name with the .crt extension. For example, public.crt.
Copy the Certificate to your certificate directory. For example, usr/local/ssl/crt.

Step 3: Configure your Apache Server

Update the httpd.conf file. In the Virtual Host Section of the httpd.conf file, verify that the following three directives are present:

SSLCertificateFile /usr/local/ssl/crt/public.crt (This directive tells Apache how to find the certificate file)
SSLCertificateKeyFile /usr/local/crt/private.key (This directive tells Apache how to find the private key file)
SSLCertificateChainFile /usr/local/ssl/crt/intermediate.crt (This directive tells Apache how to find the intermediate CA file)

For Example

If these directives are not present in the httpd.conf file, they must be added. If you are using a different location and file name, you must modify your directives accordingly.
Save your changes to the httpd.conf file and restart Apache web server. You can do so by using the apachectl script:

apachectl stop
apachectl startssl

Regards,
Akshay