EnterpriseSSL Certificate Installation: C2Net Stronghold

May 25, 2018 in WebServer

Installing a Certificate on a Stronghold Server

Note: There are two certificates that need to be installed during this process.

  • The first is the 'Site' certificate, contained in the email from Sectigo.
  • The second is the Intermediate CA certificates; please use the Intermediate CA certificate that came with your site certificate in the zip file.

For Enterprise SSL certificate, you will be receiving the following three files from Sectigo:

  • Root AddTrustExternalCARoot.crt
  • Intermediate CA UTNAddTrustServerCA.crt
  • domain/site certificate yourdomainname.crt

Or you can download root and intermediate CA files from here.

Please follow the steps below:

  • If you already have a temporary certificate in your /ServerRoot/ssl/certs directory, move, rename or delete it.
  • Run the command 'getca servername' where 'servername' is the same name created during generation of the key or certificate request ('genkey servername' or 'genreq servername').
  • Open the site certificate in the e-mail from Sectigo with a text editor and copy the content (including the lines below), as shown below to your clipboard:


  • Paste the contents into the terminal window where you ran 'getca'.
  • Enter Control-D or the appropriate EOF character for your terminal.
  • Before restarting the server please install the intermediate certificate as below.
  • Use the UTNAddTrustServerCA.crt certificate provided with your site certificate and copy the certificate content (including the lines below), as shown below to your clipboard.
  • Open a text editor.
  • Paste the information on the clipboard into this text file. Save the file as 'ca_new.txt'. It should look like this:


  • Save the file to the location 'ssl/certs/ca_new.txt' located in your ServerRoot directory.
  • Change the SSLCACertificateFile directive in your httpd.conf file to point to the intermediate file (ca_new): SSLCACertificateFile ssl/certs/ca_new.txt
  • Now restart the web server so that the new certificate is loaded