You will receive an e-mail from Trustwave® with the certificate attached to the e-mail. The filename will be similar to www_yourdomain_com.cer. Copy this file to your server and place it in the directory where you will keep your certificates.
We recommend copying the certificate text to the clipboard and pasting the certificate text into a text editor (like vi, nano, or pico) or using FTP to upload it to your server.
You will need to move the private key (which you created in the CSR step previously) and the new certificate into a secure folder. We recommend making the private key readable only by root.
In this example, we will use /etc/ssl/crt/ as our folder for private keys and certificates. The private key will be called private.key and the certificate will be called www_yourdomain_com.cer.
To finish the installation, you will need to edit the global Apache configuration file (usually called "httpd.conf") or a virtual host file, depending on your server's configuration. If you are not sure where to look, try using the locate command to find httpd.conf.
Once you locate the file, add the following two lines:
SSLCertificateFile /etc/ssl/crt/www_yourdomain_com.cer SSLCertificateKeyFile /etc/ssl/crt/private.key
Save your configuration file.
For Apache to use your newly installed SSL certificate, you will need to restart Apache. Normally this can be done with apachectl restart, /etc/init.d/httpd restart, or /etc/init.d/apache restart.
Note: If you can reach your site via "https://", but are getting an "Untrusted Issuer" message, view the details of the certificate. If the certificate shows "Issued By: Trustwave Organization Validation CA, Level 2" or "Issued By: Trustwave Domain Validation CA, Level 1", then it is likely that you need to install a Trustwave® Intermediate certificate.
DOWNLOAD INTERMEDIATE/CHAIN FILE - This link will bring you to the "Download Root Certificates" page on ssl.trustwave.com.
If your SSL certificate shows "Issued By: Trustwave Organization Validation CA, Level 2", then you will want to download the "Trustwave® Organization Validation CA" file under "PEM Format"
If your SSL certificate shows "Issued By: Trustwave Domain Validation CA, Level 1", then you will want to download the "Trustwave® Domain Validation CA" file under "PEM Format"
The Intermediate comes as either a ".cer" or ".crt" extension. Technically speaking; the ".cer" and ".crt" extensions are one in the same. If your instance of Apache requires that you use ".crt" files, then you can simply rename a ".cer" file to ".crt"
Open your httpd.conf file (some installations keep the SSL section separately in the ssl.conf file) using a text editor and locate the the host section for the site for which the SSL Certificate will secure.
Your host section will need to contain the following directives:
"SSLCACertificateFile" - Set this attribute to point to the appropriate Trustwave® root CA certificate. The Trustwave® root CA certificate can downloaded from the following URL:
"SSLCertificateChainFile" - Set this attribute to point to the intermediate file.
"SSLCertificateFile" - Set this attribute to point to the end entity certificate (the "[yourdomain].cer" file you received from Trustwave®)
"SSLCertificateKeyFile" - Set this attribute to point to the private key that was generated with your CSR.
Save the changes to the file and quit the text editor
Restart Apache using apachectl restart, /etc/init.d/httpd restart, or /etc/init.d/apache restart.
