Installing a Certificate on a Stronghold Server

Note: There are four certificates that need to be installed during this process. The first is

the 'Site' certificate, contained in the email from Comodo. The second is the

Intermediate CA certificates; please use the Intermediate CA certificate that came with

your site certificate in the zip file.

For Essential SSL certificate, in additonal to your domain certificate you will be

receiving 4 more files.These files must be imported in the following order:
Root AddTrustExternalCARoot.crt
Intermediate CA UTNAddTrustSGCCA.crt
Intermediate CA ComodoUTNSGCCA.crt
Intermediate CA EssentialSSLCA.crt

Or you can download the EssentialSSLCA files

Please follow the steps below:

If you already have a temporary certificate in your /ServerRoot/ssl/certs directory, move, rename or delete it. Run the command 'getca servername' where 'servername' is the same name created during generation of the key or certificate request ('genkey servername' or 'genreq servername'). Open the site certificate in the e-mail from Comodo with a text editor and copy the content (including the lines below), as shown below to your clipboard:

'-----BEGIN CERTIFICATE-----'
and
'-----END CERTIFICATE-----'

Paste the contents into the terminal window where you ran 'getca'.
Enter Control-D or the appropriate EOF character for your terminal.
Before restarting the server please install the intermediate certificate as below.
Use the UTNAddTrustSGCCA.crt certificate provided with your site certificate and copy

the certificate content (including the lines below), as shown below to your clipboard.

Open a text editor. Paste the information on the clipboard into this text file. Save the

file as 'ca_new.txt'. It should look like this:
'-----BEGIN CERTIFICATE-----'
and
'-----END CERTIFICATE-----'
Next, open the second intermediate certificate, ComodoUTNSGCCA.crt. Repeat the

process and paste into the same document.
Next, open the second intermediate certificate, EssentialSSLCA.crt. Repeat the process

and paste into the same document.
Your final doc should look something like this:
-----BEGIN CERTIFICATE-----
MIIEhjCCA26gAwIBAgIQUkIGSk83/kNpSHqWZ/9dJzANBgkqhkiG9w0BAQUFADBv
MQswCQYDVQQGEwJTRTEUMBIGA1UEChMLQWRkVHJ1c3QgQUIxJjAkBgNVBAsTHUFk
.....
7uRJQ8E5fc8vlqd1XX5nZ4TlWSBAvzcivwdDtDDhQ4rNA11tuSnZhKf1YmOEhtY3
vm9nu/9iVzmdDE2yKmE9HZzvmncgoC/uGnKdsJ2/eBMnBwpgEZP1Dy7J72skg/6b
kLRLaIHQwvrgPw==
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEmTCCA4GgAwIBAgIQPToFJgm2LuWMNik4Y1ThJDANBgkqhkiG9w0BAQUFADCB
lzELMAkGA1UEBhMCVVMxCzAJBgNVBAgTAlVUMRcwFQYDVQQHEw5TYWx0IExha2Ug
.....
xxXAVEvJZhYpY99xq7YHkvrzT/Ix1jLQTTXbW4m4CORo3thHy9de6BaylCGcalu/
tIGG3cXyqHE+3adKtfr4bDs0mptYfU3U01tTI2tJOBahmJ+EXquuP67Of8gX5DKr
xNMvmpAxwpJTlu1yp/7E2jkpUWjtkI2Xjv5FGbc=
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
MIIEyDCCBDGgAwIBAgIEAgACmzANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
.....
zs1x+3QCB9xfFScIUwd21LkG6cJ3UB7KybDCRoGAAK1EqlzWINlVMr5WlvHqvaDj
vA2AOurM+5pX7XilNj1W6tHndMo0w8+xUengDA==
-----END CERTIFICATE-----
Save the file to the location 'ssl/certs/ca_new.txt' located in your ServerRoot

directory. Change the SSLCACertificateFile directive in your httpd.conf file to point to

the intermediate file (ca_new):
SSLCACertificateFile ssl/certs/ca_new.txt

Now restart the web server so that the new certificate is loaded