How to Install Certificates on Apache Mod_SSL/OpenSSL
Step one: Copy your certificate to file
You will receive an email with the certificate in the email (yourdomainname.crt). When viewed in a text editor, your certificate will look something like:
Copy your SSL Certificate into the directory that you will be using to hold your certificates. In this example we will use /etc/ssl/crt/. Both the public and private key files will already be in this directory. The private key used in the example will be labeled private.key and the public key will be yourdomainname.crt. It is recommended that you make the directory that contains the private key file only readable by root.
Step two: Install the Intermediate Certificate
You will need to install the Intermediate CA certificates in order for browsers to trust your certificate. The Intermediate CA certificates are contained within the ca-bundle file that was attached to your email in the zip file (this should be named your SERVERNAME.ca-bundle). In the relevant Virtual Host section for your site, you will need to complete the following in get this file correctly reference:
Copy the. SERVERNAME.ca-bundle file to the same directory as certificate and key files and name it ca.txt
Add the following line to the SSL section of the httpd.conf (assuming /etc/httpd/conf/ is the directory to where you have copied the intermediate CA file) If the line already exists amend it to read the following:
If you are using a different location and certificate file names you will need to change the path and filename to reflect the path and file name that you are using. The SSL section of the updated config file should now read similar to this example (depending on the file name and directories used):
Save your config file and restart Apache.
Note: The ssl configuration file will always be referenced in the apache config file if the configuration is not included in it. Look for the lines starting 'include', which is the directive for including other files etc. For example, depending on the distribution, it might be called ssl.conf, httpd-ssl.conf etc