This document provides instructions for installing SSL Certificates. If you are unable to use these instructions for your server, Sectigo recommends that you contact either the vendor of your software or an organization that supports Stronghold.

Step 1. Download the Sectigo RSA CA Certificate

1. Download the Intermediate CA certificate from this link: Sectigo
   Select the appropriate Intermediate CA certificate for your SSL Certificate type.
   NOTE: To check which certificate type you have purchased, check the contents of the zip file issued against the link provided.

2. Copy the Intermediate CA certificate and paste it on a Notepad.

3. Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white spaces, extra line breaks or additional characters have been inadvertently added.

4. Save the file as Sectigorsaca.crt. The file can be saved somewhere easy to access. For example: /usr/local/ssl

5. Paste the contents into the file 'ssl/certs/Sectigorsaca.crt' located in your ServerRoot directory

6. Change the SSLCACertificateFile directive in your httpd.conf file to this: SSLCACertificateFile certs/Sectigorsaca.crt

Step 2. Download your SSL Certificate

1. The Sectigo certificate will be sent by email. The certificate is included as an attachment (Cert.cer) and it is also imbedded in the body of the email.

2. Copy and paste the certificate into a text file using Vi or Notepad and save it with extension .crt
   Do not use Microsoft Word or other word processing programs that may add characters.
   
   The text file should look like:
   -----BEGIN CERTIFICATE-----
   
   [encoded data]
   
   -----END CERTIFICATE-----
   
   Make sure there are 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
   
   You can also download the certificate from your Sectigo Account.
   NOTE: When downloading the certificate from your Sectigo Account, please select Download Zip and extract the contents, copy only the End Entity Certificate.

3. Save the file along with the Intermediate file into a directory on the server. For example: /usr/local/ssl

Step 3. Install the SSL Certificate

1. Run getca and specify both the name of the server that owns the certificate and the name of the temporary certificate file.
2. For example: # getca hostname /tmp/<temp-file-name>
3. This saves the SSL Certificate to the file SSLTOP/certs/hostname.cert Remove the temporary file.
4. For example: # rm/tmp/<temp-file-name>
5. Restart the server
6. To verify if your certificate is installed correctly, use the Qualys SSL Analayzer

Stronghold

For more information, refer to the Stronghold Suport Website