Intel Duo Core 4GB RAM, 4 IP CentOS /Apache Unlimted traffic $165 per month
Intel Duo Core 4GB RAM, 4 IP Win 2003 Enterprise Unlimited traffic $195 per month
Intel Quad Core 8GB RAM, 4 IP CentOS /Apache Unlimted traffic $215 per month
Original Cost Effective Design Development and Programming Graphic Design & Imaging Flash Site and Elements Design Website Maintenance E-commerce Web Site Design
Starting From $480
The final part of your BMH Fast SSL application is the installation of your certificate. Installation of your SSL Certificate will differ greatly dependent on your webserver software. Select your webserver software from the list after reading the following general points:
When you are emailed your BMH Fast SSL certificate, two other certificates will also be attached to the email. Should they be required, you may download these certificates individually or collectively as a bundled file below. To download these files right click on the file name and select 'Save Target As'.
Our SSL Certificates are compatible with almost all popular webserver software. If your webserver software does not appear on the list, please contact support@bmhsrv.com with full details of your webserver software and we will contact you with further instructions.
Installing your Certificate on Apache Mod_SSL / OpenSSL
Step one: Copy your certificate to file
You will receive an email from Comodo with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt. It is recommended that you make the directory that contains the private key file only readable by root.
Step two: Install the Intermediate Certificate
You will need to install the Intermediate CA certificates in order for browsers to trust your certificate. The Intermediate CA certificates are contained within the ca-bundle file that was attached to your email in the zip file (this should be named your SERVERNAME.ca-bundle). In the relevant Virtual Host section for your site, you will need to complete the following in get this file correctly reference:
Copy the. SERVERNAME.ca-bundle file to the same directory as certificate and key files and name it ca.txt
Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf/ is the directory to where you have copied the intermediate CA file) If the line already exists amend it to read the following:
If you are using a different location and certificate file names you will need to change the path and filename to reflect the path and file name that you are using. The SSL section of the updated config file should now read similar to this example (depending on the file name and directories used):
Go to the Server Management screen.
Click the green icon (Wrench for RaQ4, Pencil for XTR) next to the SSL enabled virtual site
Click SSL Settings on the left side.
Copy the entire contents of the site certificate that you received, including
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
Paste the new certificate information that you copied into the "Certificate" window.
Select Use manually entered certificate from the pull-down menu at the bottom. Click Save Changes.
Install the Intermediate Certificate
You will need to install the intermediate certificate in order for browsers to trust your certificate. The intermediate certificate is attached to your email in the zip file and is available for download form the main support section of the website.
The following will require that you access the httpd config file.
In the GlobalSSL Setting in the httpd.conf file, you will need to complete the following:
Copy the Comodo intermediate to the same directory as httpd.conf and name it ca.txt
Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf is the directory to where you have copied the Intermediate file)
If the line already exists amend it to read the following: SSLCACertificateFile /etc/httpd/conf/ca.txt
Note: If you are using a different location and certificate file names you will need to change the path and filename to reflect the path and file name that you are using.
When you receive your certificates you need to store them in the mydomain directory.
Note: If you obtain a private key file from a source other than the Certificate Request Generator servlet, verify that the private key file is in PKCS#5/PKCS#8 PEM format.
To use a certificate chain, append the additional PEM-encoded digital certificates to the digital certificate that issued for the WebLogic Server (the intermediate CA certificate). The last digital certificate in the file chain will be the Root certificate that is self-signed. (example below:)
-----BEGIN CERTIFICATE-----
MIIB+jCCAWMCAgGjMA0GCSqGSIb3DQEBBAUAMEUxCzAJBgNVBAYTAlVTMRgwFgYD
.....(your Intermediate CA certificate).....
bW1EDp3zdHSo1TRJ6V6e6bR64eVaH4QwnNOfpSXY
-----END CERTIFICATE-----
Configure WebLogic Server to use the SSL protocol, you need to enter the following information on the SSL tab in the Server Configuration window:
In the Server Certificate File Name field, enter the full directory location and name of the digital certificate for WebLogic Server.
In the Trusted CA File Name field, enter the full directory location and name of the digital certificate for Comodo who signed the digital certificate of WebLogic Server. In the Server Key File Name field, enter the full directory location and name of the private key file for WebLogic Server.
Use the following command-line option to start WebLogic Server. -Dweblogic.management.pkpassword=password where password is the password defined when requesting the digital certificate.
Storing Private Keys and Digital Certificates
Once you have a private key and digital certificate, copy the private key file generated by the Certificate Request Generator servlet and the digital certificate you received into the mydomain directory. Private Key files and digital certificates are generated in either PEM or Definite Encoding Rules (DER) format. The filename extension identifies the format of the digital certificate file. A PEM (.pem) format private key file begins and ends with the following lines, respectively:
-----BEGIN ENCRYPTED PRIVATE KEY-----
-----END ENCRYPTED PRIVATE KEY-----
A PEM (.pem) format digital certificate begins and ends with the following lines, respectively:
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
Note: Typically, the digital certificate file for a WebLogic Server is in one file, with either a .pem or .der extension, and the WebLogic Server certificate chain is in another file. Two files are used because different WebLogic Servers may share the same certificate chain.
The first digital certificate in the certificate authority file is the first digital certificate in the WebLogic Server's certificate chain. The next certificates in the file are the next digital certificates in the certificate chain. The last certificate in the file is a self-signed digital certificate that ends the certificate chain. A DER (.der) format file contains binary data. WebLogic Server requires that the file extension match the contents of the certificate file.
Note: If you are creating a file with the digital certificates of multiple certificate authorities or a file that contains a certificate chain, you must use PEM format. WebLogic Server provides a tool for converting DER format files to PEM format, and visa versa.
Note: There are TWO certificates that need to be installed during this process. The first is the "Site" certificate, contained in the email from Comodo. The second is the Intermediate CA certificate; please use the Intermediate CA certificate that came with your site certificate in the zip file. Please follow the steps below:
If you already have a temporary certificate in your /ServerRoot/ssl/certs directory, move, rename or delete it. Run the command "getca servername" where "servername" is the same name created during generation of the key or certificate request ("genkey servername" or "genreq servername"). Open the site certificate in the e-mail from Comodo with a text editor and copy the content (including the lines below), as shown below to your clipboard:
"-----BEGIN CERTIFICATE-----"
and
"-----END CERTIFICATE-----"
Paste the contents into the terminal window where you ran "getca".
Enter Control-D or the appropriate EOF character for your terminal.
Before restarting the server please install the intermediate certificate as below.
Use the Intermediate CA certificate provided with your site certificate and copy the certificate content (including the lines below), as shown below to your clipboard:
"-----BEGIN CERTIFICATE-----"
and
"-----END CERTIFICATE-----"
Paste the content into the file "ssl/certs/ca_new.txt" located in your ServerRoot directory. Change the SSLCACertificateFile directive in your httpd.conf file to point to the intermediate CA file (ca_new):
SSLCACertificateFile ssl/certs/ca_new.txt
Now restart the web server so that the new certificate is loaded.
To install this once you have got to the installation screen you will need to fill in all the correct information into the relevant areas.
Step 1: In the first box you will need to paste your domain / site certificate from the zip file that you received from Comodo.
Step 2: Fill in the required domain / user / IP address information.
Step 3: In the middle box you will need paste the correct RSA private key that was generated with the CSR that you sent to Comodo to get your certificate generated.
Step 4: In the bottom box you will need to paste the correct CA bundle fill for you certificate.
(This is the Intermediate CA certificate in the zip file that was sent to you and is also available from the support section of the website.)
An example of what this should look like when completed is below
Installing your Certificate on Apache via Ensim Webappliance
Step one: Loading the Site Certificate
You will receive an email from Comodo with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
Copy your Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labelled private.key and the public key will be yourdomainname.crt.
It is recommended that you make the directory that contains the private key file only readable by root.
Login to the Administrator console and select the site that the certificate was requested for.
Select Services, then Actions next to Apache Web Server and then SSL Settings. There should already be a 'Self Signed' certificate saved.
Select 'Import' and copy the text from the yourdomainname.crt file into the box.
Select 'Save', the status should now change to successful.
Logout, do not select delete as this will delete the installed certificate.
Step two: Install the Intermediate
You will need to install the Intermediate CA certificate in order for browsers to trust your certificate. As well as your SSL two other certificates are also attached to the email from Comodo. You will need to install the intermediate CA certificate.
In the Virtual Host settings for your site, in the virtual site file, you will need to add the following SSL directives. This may be achieved by:
1. Copy the intermediate CA file to the same directory as the certificate.
2. Add the following line to the virtual host file under the virtual host domain for your site (assuming /etc/ssl/crt is the directory mentioned in 1.), if the line already exists amend it to read the following:
SSLCACertificateFile /etc/ssl/crt/ca.txt
If you are using a different location and certificate file names you will need to change the path and filename to reflect this.
The SSL section of the updated virtual host file should now read similar to this example (depending on your naming and directories used):
Installing certificates from the certificate authority
After you obtain an x509 certificate from a certificate authority for the SSL Accelerator, you must copy it onto each BIG-IP Controller in the redundant configuration. You can configure the accelerator with certificates using the Configuration utility or from the command line.
To install certificates using the Configuration utility
In the navigation pane, click Proxies. The Proxies screen opens.
On Proxies screen, click the Install SSL Certificate Request tab. The Install SSL Certificate screen opens.
In the Certfile Name box, type the fully qualified domain name of the server with the file extension .crt. If you generated a temporary certificate when you submitted a request to the certificate authority, you can select the name of the certificate from the drop down list. This allows you to overwrite the temporary certificate with the certificate from the certificate authority.
Paste the text of the certificate into the install SSL Certificate window. Make sure you include the BEGIN CERTIFICATE line and the END CERTIFICATE line.
Click the Write Certificate File button to install the certificate.
To install certificates from the certificate authority using the command line
Copy the certificate into the following directory on each BIG-IP Controller in a redundant system:
/config/bigconfig/ssl.crt/
Note: The certificate you receive should overwrite the temporary certificate generated by genkey or gencert.
If you used the genkey or gencert utilities to generate the request file, a copy of the corresponding key should already be in the following directory on the BIG-IP Controller:
/config/bigconfig/ssl.key/
To install the intermediate certificate using the command line
Copy the intermediate CA certificate into each BIG-IP Controller in a redundant system. Open the intermediate CA certificate sent to you in the zip file attached to your email with a text editor.
Cut and paste the entire text of the certificate, including the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines, into a file named intermediate-ca.crt. Be careful not to include any leading or trailing whitespace before the beginning and ending hyphens.
Place the intermediate-ca.crt file in the directory /config/bigconfig/ssl.crt/ Note: The ssl.crt directory is used to store certificates and certificate authorities.
WARNING: In a redundant system, the keys and certificates must be in place on both controllers before you configure the SSL Accelerator. You must do this manually; the configuration synchronization utilities do not perform this function.
1. After you receive your SSL certificate save all of the certificate files to a secure location. You will need the site/server certificate and the intermediate CA certificate. (Use the intermediate CA certificate (supplied in the zip file and downloadable from the support section of the website))
2. Click SSL on your control panel home page.
3. Go to the Web Service page and click the Edit icon in the SSL field.
4. In the form that opens, enter the SSL certificate into the box Install Certificate based on previously generated Certificate request and click Upload.
5. Enter the intermediate CA certificate into the box Certificate Chain File and click Install.
Comodo send more than one certificate. In addition to the certificate for your server Comodo send an Intermediate CA Certificate (the Comodo certificate) and a Root CA Certificate (GTE CyberTrust). Before installing the server certificate, install both of these certificates. Follow the instructions in 'Storing a CA certificate'.
Note: If the authority who issues the certificate is not a trusted CA in the key database, you must first store the CA certificate and designate the CA as a trusted CA. Then you can receive your CA-signed certificate into the database. You cannot receive a CA-signed certificate from a CA who is not a trusted CA. For instructions see 'Storing a CA certificate'.
Storing a CA Certificate:
Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
Select Key Database File from the main User Interface, select Open.
In the Open dialog box, select your key database name. Click OK.
In the Password Prompt dialog box, enter your password and click OK.
Select Signer Certificates in the Key Database content frame, click the Add button.
In the Add CA Certificate from a File dialog box, select the certificate to add or use the Browse option to locate the certificate. Click OK.
In the Label dialog box, enter a label name and click OK.
To receive the CA-signed certificate into a key database:
Enter IKEYMAN on a command line on UNIX, or start the Key Management utility in the IBM HTTP Server folder on Windows.
Select Key Database File from the main User Interface, select Open.
In the Open dialog box, select your key database name. Click OK.
In the Password Prompt dialog box, enter your password, click OK.
Select Personal Certificates in the Key Database content frame and then click the Receive button.
In the Receive Certificate from a File dialog box, select the certificate file. Click OK.
Note: IBM has prepared a special guide called "Global Certificate Usage with OS/390 Webservers".
Installing your Certificate on Java Based Web Servers
You will receive 3 files in a zip file from BMH
These must be imported in the correct order: Root
Intermediate CA
domain/site certificate
Please replace the example keystore name 'domain.key' with your keystore name
Use the keytool command to import the certificates as follows: keytool -import -trustcacerts -alias root -file (ROOT CERTIFICATE FILE NAME) -keystore domain.key
Use the same process for the Comodo certificate using the keytool command: keytool -import -trustcacerts -alias INTER -file (INTERMEDIATE CA FILE NAME) -keystore domain.key
Use the same process for the site certificate using the keytool command, if you are using an alias then please include the alias command in the string. Example:
keytool -import -trustcacerts -alias yyy (where yyy is the alias specified during CSR creation) -file domain.crt -keystore domain.key
EXAMPLE BELOW :
The password is then requested.
Enter keystore password: (This is the one used during CSR creation)
The following information will be displayed about the certificate and you will be asked if you want to trust it (the default is no so type 'y' or 'yes'):
Owner: CN= Root, O=Root, C=US
Issuer: CN=Root, O=Root, C=US
Serial number: 111111111111
Valid from: Fri JAN 01 23:01:00 GMT 1990 until: Thu JAN 01 23:59:00 GMT 2050
Certificate fingerprints:
MD5: D1:E7:F0:B2:A3:C5:7D:61:67:F0:04:CD:43:D3:BA:58
SHA1: B6:GE:DE:9E:4C:4E:9F:6F:D8:86:17:57:9D:D3:91:BC:65:A6:89:64
Trust this certificate? [no]:
Then an information message will display as follows:
Certificate was added to keystore
All the certificates are now loaded and the correct root certificate will be presented.
Installing your Certificate on a Lotus Domino Server versions 4.6x and 5.0x
Installing the certificates on Lotus Domino Server requires the certificates to be merged into the Key Ring file.
This process must be completed for both root certificates provided.
In Notes, from the administration panel, click System Databases and choose Open Domino Server Certificate Administration (CERTSRV.NSF) on the local machine.
Click Install trusted root Certificate into Key Ring (option 3).
Enter the file name for the Key Ring that will store this certificate. The Key Ring file was created when you created the server Certificate Signing Request.
Select the correct certificate file from the zip file that was sent to you by email.
Select File in the "Certificate Source" field. Enter the file name in the file name field.
You will need to import the certificates in the below order
Root Certificate (supplied in zip file)
Intermediate CA Certificate (supplied in zip file)
Click "Merge Certificate into Key Ring."
Enter the password for the server key ring file and click OK to approve the merge.
Once all of the root certificates are installed you will need to install the site certificate following the below instructions
Click Install Certificate into Key Ring (Option 4).
Enter the file name for the Key Ring that will store this certificate. The Key Ring file was created when you created the server Certificate Signing Request.
Detach the file from the email to your hard drive and unzip it.
Select File in the "Certificate Source" field. Enter the file name in the file name field.
Click "Merge Certificate into Key Ring."
Enter the password for the server key ring file and click OK to approve the merge.
For additional information, refer to your server documentation.
Securing Your Outlook Web Access 2000 Implementation Using SSL
Certificate Installation
Open Internet Services Manager from your Administrative Tools.
Open the Properties for the Web Site that is hosting OWA (normally the Default Web Site).
Select the "Directory Security" tab and then click on the "Server Certificates" button.
You will now be presented with the "Pending Certificate Request" dialogue box (below), select "Process the pending request and install the certificate", click Next.
The "Process a Pending Request" dialogue box will appear (below), navigate to the site certificate that you received. click Next.
You will now be presented with the "Certificate Summary" (below), click Next.
Next you will need to install the intermediate certificate.
You have now installed the SSL certificate into our web site, the next step is to enable SSL for OWA - this is a pretty simple task.
Using the Internet Services Manager, open the properties for the "Exchange" virtual directory.
Select the "Directory Security" tab and the click on the "Edit" button in the Secure Communication section.
In the "Secure Communications" dialogue box (below), check the box "Require Secure Channel (SSL)", you could also check the box "Require 128-bit encryption", if you do check the 128-bit checkbox, any browsers that do not support 128-bit encryption will be unable to connect to OWA.
When users enter http://ahost.adomain.com/exchange, they will receive an "HTTP 403.4 - Forbidden: SSL required Internet Information Services" error message, because OWA is configured to require SSL. SSL uses the HTTPS protocol, so users would need to enter the url as https://ahost.adomain.com/exchange. Please see the Microsoft article regarding forcing the use of SSL with OWA: http://support.microsoft.com/default.aspx?scid=kb;en-us;234022
One final step that you may need to take is to ensure that your Firewall is configured to allow HTTPS (port 443 by default) to pass through.
Installing the Root and Intermediate Certificates
If you have any problems with the installation of your certificate on IIS 4.x please contact support@bmhsrv.com with your order number.
How to setup Internet Security and Acceleration Server to Host Web Sites by using the Secure Sockets Layer (SSL) Protocol. This information applies to: Microsoft Internet Security and Acceleration Server 2000
You must first export the SSL certificate of the Web site with the associated Private Key. If you do not have this key, ISA server will not allow you to use this certificate for SSL:
Open a blank Microsoft Management Console (MMC).
Add the Certificates snap-in.
When requested, select the options for 'Computer Account' and 'Local Computer'.
Expand Personal, and then expand Certificates. You should see a certificate with the name of your Web site in the 'Issued To' column.
Right-click on the certificate, select All Tasks, and then select Export.
On the Export window, click Next.
Click Yes, ensure you select 'export the private key', and then click Next.
NOTE: If you do not have the option to export the Private key then the private key has already been exported to another computer or the key never existed on this computer. You cannot use this certificate on ISA Server. You must request a new certificate for this site for ISA Server.
Select the option for 'Personal Information Exchange', and then click to select the appropriate check boxes for all three sub-options.
Assign a password and confirm it.
Assign a file name and location.
Click Finish.
NOTE: Ensure that you keep the file safe the SSL protocol depends upon this file.
Copy the file that you created to ISA Server.
On the ISA Server, open the MMC:
Add the Certificate snap-in, as previously instructed.
Click the Personal folder.
Right-click All Tasks, and then click Import.
Click Next on the Import Wizard.
Ensure that your file is listed, and then click Next.
Enter the password for the file (created earlier).
On the sub-option, click to select the 'Mark the private key as exportable' check box.
Leave the import setting on 'Automatically', and then click Next. Click Finish.
Now you will need to import the root and intermediate certificates.
Click the Start Button then select Run and type mmc
Click File and select Add/Remove Snap in
Select Add, select Certificates from the Add Standalone Snap-in box and click Add
Select Computer Account and click Finish
Close the Add Standalone Snap-in box, click OK in the Add/Remove Snap in
Return to the MMC
To install the Root Certificate supplied in the zip file:
Right click the Trusted Root Certification Authorities, select All Tasks, and select Import.
Click Next.
Locate the Root Certificate and click Next.
When the wizard is completed, click Finish.
To install the Intermediate CA Certificate:
Right click the Intermediate Certification Authorities, select All Tasks, and select Import.
Complete the import wizard again, but this time selecting the Intermediate CA Certificate when prompted for the Certificate file.
Ensure that the Root certificate appears under Trusted Root Certification Authorities and the Intermediate CA file appears under
Intermediate Certification Authorities.
Important: You must now restart the computer to complete the install.
Under the Personal folder, when a subfolder called 'Certificates' is displayed, click Certificates and verify that there is a certificate with the name of the Web computer.
Right-click the certificate and then click Properties.
If the 'Intended Purposes' field of the certificate is set to 'All' rather than a list of specific purposes, the following steps must be followed before the certificate can be recognized by ISA Server:
In the Certificate Services snap-in, open the Properties dialog box of the relevant certificate. Change the Enable all purposes for this certificate option to the Enable only the following purposes option, select all of the items, and then click Apply.
Open the ISA Manager and complete the SSL install:
Right-click the server accepting the incoming connection, and click Properties.
Click the Incoming Web Requests tab.
Click the Internet Protocol (IP) address entry for the site that you are going to host, or the 'all IP addresses' entry if you do not have individual IP addresses set up.
Click Edit.
Click to select the Use a server certificate to authenticate to web users check box.
Click Select.
Select your previously imported certificate.
Click OK.
Click to select the Enable SSL listeners check box.
Expand the 'Publishing' folder and click on Web Publishing Rules.
Double click on the Web Publishing Rule that will route the SSL traffic.
On the Bridging tab, choose the option to Redirect SSL requests as: 'HTTP requests (terminate the secure channel at the proxy)'. Click OK.
Restart ISA Server. (note this means a reboot of the server itself not a service restart)
Installing the Root and Intermediate Certificates
If you have any problems with the installation of your certificate on IIS 4.x please contact support@bmhsrv.com with your order number.
Installing your Certificate on on I-Planet Web Server
When you receive your certificates from Comodo there will be your site certificate (named yourdomain.crt) plus 2 others (a Root certificate and an intermediate CA certificate), these 2 must be installed as a certificate chain.
Sign onto the Webserver and select the server to manage.
Select the Security tab and then Install Certificate.
Open the Root in a text editor.
Select Trusted Certificate Authority, enter the password and copy the text from the Root certificate to the Message Text box (including the BEGIN and END lines), then click OK.
Accept the certificate.
NOTE: Do not shutdown or restart the server until all steps have been completed.
Repeat the steps from * above using the text from the Intermediate CA certificate and select Server Certificate Chain.
For the site certificate again repeat the steps from * above, but this time choosing This Server instead of Server Certificate Chain. At this stage all the certificates are installed and SSL now needs to be activated.
Select the Preferences tab and then Encryption On/Off
Set encryption to 'On' and Port to 443, click OK, then Save and Apply.
Comodo (CA) will email you a zip file containing the following :
Root certificate
Intermediate CA certificate
server/domain certificate
The file must be in PKCS #7 format in order to be imported into a Server Certificate object. The file must contain all of the certificates to be imported into the object (the root-level CA certificate, the intermediate CA certificates, and the server certificate).
The method to view the subject is to double click the certificate that Comodo (CA) sent you, then click on the detail tab and go to the subject area.
Steps to successfully install the Certificates:
Import both the "Intermediate CA certificate" and " Root certificate" into Internet Explorer. Do this by double clicking on each of the certificates and choosing import. Make sure they are imported into the correct stores, "Intermediate CA certificate" goes into the intermediate store and "Root certificate" goes into the root store.
Double click the certificate that was signed by Comodo (your server/domain certificate) and go to the details tab, then click on Copy to File. Next, Select "Cryptographic Message Syntax Standard - PKCS #7 Certificates (.P7B)" and select the "Include all certificates in the certification path if possible" check box. Give it a file name for example "c:\mycert". This step will put the Trusted Root, Intermediate Root, and End Server Certificate certificates into one certificate.
Go to Console One and to the certificate that created the Certificate Signing Request (CSR). Go to the Public Key Certificate Tab. Select Import, select "No Trusted Root Certificate available", and then next. Import the Server Certificate that you created above.
After the import you should be able to validate the certificate and use the certificate.
Click on the domain name that the certificate is for.
Click on the 'Certificates' menu item.
There is a button in the middle of the page labelled 'Browse'. Click 'Browse' and navigate to the location of the saved site certificate you received from Comodo. Selecting it, then select 'Send File', this will upload and install the certificate against the corresponding Private Key.
The certificate name will now appear in the list of certificates at the bottom of the page.
Click on the name of the Certificate from the list.
The box on the page labelled 'CA Certificate'. You will need to paste both the Intermediate CA certificate and Root certificates from the .zip file you have received into this box.
They must be pasted this in order, the Intermediate CA certificate first, followed by the Root certificate, the result will look similar to the example below (Please note: no blank line between then end of one certificate and the start of the next):
Now click 'Up Level' from the top right of the screen and choose 'Setup'.
At the top of the page, change the 'SSL Certificate' drop-down menu to the certificate you have just installed.
Click the 'Server' item from the left hand menu.
Click on the 'Service Management' menu item.
You now need to Stop and Start the Apache process.
NOTE: Restarting Apache will NOT work. You must stop the service, then start it again to complete the installation
NOTE: When you add a certificate, it is not installed automatically onto the domain or assigned to an IP address, but only added to the Certificate repository.
You can assign a certificate to an IP address at the Client's IP pool, at the IP aliasing management page, and during hosting creation on an exclusively granted IP.
Importing a Server Certificate and Chain into the SonicWALL SSL Offloader
Chained Certificates
All SonicWALL SSL Offloaders support chained certificates. Once the certificates are unzipped into multiple certificates prior to importing into the SonicWALL SSL Offloader, the certificate will need to be imported using the chained certificate commands. The certificates will have a root certificate, and an intermediate CA certificate in addition to the server/domain certificate.
EXAMPLE - Instructions for using OpenSSL
Now that you have received the certificate, you will need to unzip the certificates up into the root, intermediate and the server certificates so that you can enter them into the SonicWALL SSL Offloader.
Start by unzipping the 3 certificates, you will only need the Intermediate CA file and your Site/Domain certificates.
Launch openssl.exe. This application was installed at the same time and in the same location as the SonicWALL configuration manager. You can also run the install and just install OpenSSL by choosing the 'Custom Installation' option.
Once launched, open the Intermediate CA file and Site/Domain certificates in a text editor
You will need to copy and paste the entire text including
-----BEGIN CERTIFICATE-----
and
-----END CERTIFICATE-----
The Site/Domain certificate is the server certificate.
The intermediate CA file is the intermediary certificate.
Save these files (e.g. C:\server.pem and C:\inter.pem)
Verify the certificate information with openssl: x509 -in C:\server.pem -text (and) x509 -in :C\inter.pem -text
EXAMPLE - Setting Up the Chained Certificates
Now that you have the proper certificates, you start by loading the certificates into certificate objects. These separate certificate objects are then loaded into a certificate group. This example demonstrates how to load two certificates into individual certificate objects, create a certificate group, and enable the use of the group as a certificate chain. The name of the Transaction Security device is myDevice. The name of the secure logical server is server1. The name of the PEM-encoded, CA generated certificate is server.pem; the name of the PEM-encoded certificate is inter.pem. The names of the recognized and local certificate objects are trustedCert and myCert, respectively. The name of the certificate group is CACertGroup.
Start the configuration manager as described in the manual.
Attach the configuration manager and enter Configuration mode. (If an attach or configurationlevel password is assigned to the device, you are prompted to enter any passwords.)
inxcfg> attach myDevice
inxcfg> configure myDevice
(config[myDevice])>
Enter SSL Configuration mode and create an intermediary certificate named CACert, entering into Certificate Configuration mode. Load the PEM-encoded file into the certificate object, and return to SSL Configuration mode. (config[myDevice])> ssl
(config-ssl[myDevice])> cert myCert create
(config-ssl-cert[CACert])> pem inter.pem
(config-ssl-cert[CACert])> end
(config-ssl[myDevice])>
Enter Key Association Configuration mode, load the PEM-encoded CA certificate and private key files, and return to SSL Configuration mode.
(config-ssl[myDevice])> keyassoc localKeyAssoc create
(config-ssl-keyassoc[localKeyAssoc])> pem server.pem key.pem
(config-ssl-keyassoc[localKeyAssoc])> end
(config-ssl[myDevice])>
Enter Certificate Group Configuration mode, create the certificate group CACertGroup, load the certificate object CACert, and return to SSL Configuration mode.
(config-ssl[myDevice])> certgroup CACertGroup create
(config-ssl-certgroup[CACertGroup])> cert myCert
(config-ssl-certgroup[CACertGroup])> end
(config-ssl[myDevice])>
Enter Server Configuration mode, create the logical secure server server1,assign an IP address, SSL and clear text ports, a security policy myPol, the certificate group CACertGroup, key association localKeyAssoc, and exit to Top Level mode. (config-ssl[myDevice])> server server1 create
(config-ssl-server[server1])> ip address 10.1.2.4 netmask 255.255.0.0
(config-ssl-server[server1])> sslport 443
(config-ssl-server[server1])> remoteport 81
(config-ssl-server[server1])> secpolicy myPol
(config-ssl-server[server1])> certgroup chain CACertGroup
(config-ssl-server[server1])> keyassoc localKeyAssoc
(config-ssl-server[server1])> end
(config-ssl[myDevice])> end
(config[myDevice])> end
inxcfg>
Save the configuration to flash memory. If it is not saved, the configuration is lost during a power cycle or if the reload command is used.
inxcfg> write flash myDevice
inxcfg>
When your certificate is issued you will receive 3 certificates:
Yourdomain.crt
ComodoClass3SecurityServicesCA.crt
GTECyberTrustGlobalRootCA.crt
Add the ComodoClass3SecurityServicesCA.crt certificate as Trusted Roots:
Then attach each certificate in turn to your website's Key Pair in the following order. At this point your Key Pair will be black.: Yourdomain.crt
Intermediate CA certificate
Root certificate
Your Key Pair will now turn green.
Stop and Start the server, your site can now be found using the https entry.
When you receive your certificates there will be 3 files, open a text editor and then copy the text from each certificate into the text editor to form one file. The certificates should be pasted in the following sequence, yoursite \yourdomain certificate , Intermediate CA certificate andRoot certificate, and the resulting file should look like the following:
Please note: Make sure you include the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- as displayed above.
1. Login to the web server.
2. Select SSL certificates
3. Select Generate CSR (or Replace Certificate) against the certificate set
4. Copy/Paste the text from the text editor into the Signed Certificate box and click OK.
5. Then select Accept this Certificate
6. The certificate set now needs assigning to the web site. Click on the Home icon. Put a tick in the box next to the virtual server to configure and select configure.
7. Click on SSL Enabled.
8. Enable SSL and select the certificate set to use.
9. Apply and commit the changes then restart the web server.
Intel Duo Core
