How to install an SSL certificate (instructions)?

  • Apache – Installation SSL certificate and intermediate certificates [click – to expand]  
    1. In order to install an SSL certificate you need the following files:

       

    2. Place the file on the server which makes your website available, in the relevant directories.

      Usual settings:

      • the previously generated ssl.key private key needs to be placed in the /etc/ssl/ssl.key directory. Note: Only Apache can have access permission to this directory.
      • The yourDomainName.crt and ca-bundle files should be moved to /etc/ssl/ssl.crt directory.

      Important: The above paths serve only as examples. Your server may have different ones — some modification may be required.

       

    3. Edit the SSL configuration file for the web server with a text editor.

      Important: This file location varies depending on the web server configuration.

      For Apache server:

      • Fedora/CentOS/RHEL: /etc/httpd/conf/httpd.conf
      • Debian and Debian based: /etc/apache2/apache2.conf

      Common file names for SSL configuration:

      • httpd-ssl.conf
      • ssl.conf
      • or in the directory: /etc/apache2/sites-enabled/

       

    4. In the VirtualHost configuration of the website to be encrypted, you should add (if there are none) the following entries:
      • SSLEngine on
      • SSLCertificateKeyFile /etc/ssl/ssl.key/server.key
      • SSLCertificateFile /etc/ssl/ssl.crt/yourDomainName.crt
      • SSLCertificateChainFile /etc/ssl/ssl.crt/yourDomainName.ca-bundle (with Apache 1.x SSLCertificateChainFile instead of SSLCACertificateFile should be used)

      Important: The above paths serve only as examples. Your server may have different ones — some modification may be required.

       

    5. Additional configuration:
      • SSLProtocol all
        • in Apache 2.4 enabling SSLv3 and TLSv1 protocols and optionally TLSv1.1 and TLSv1.2 (in OpenSSL 1.0.1 and higher).
        • in Apache 2.2. a SSLProtocol All -SSLv2. directive should be used. The -SSLv2 parameter disables the obsolete SSLv2 protocol support.
      • SSLHonorCipherOrder On – server enforcement of the ciphers use order
      • SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AESGCM:RSA+AES:RSA+3DES:!aNULL:!MD5:!DSS – setting priority for the strong ciphers while at the same time disabling the weak and obsolete ones.

       

    6. Save changes to the configuration file

       

    7. Restart the server with the following commands:
      • Debian or Ubuntu distributions: /etc/init.d/apache2 restart
      • Red Hat/Fedora/CentOS distributions: apachectl restart
      • other commands: /usr/sbin/httpsd restart or /etc/init.d/apache restart

  • IIS 7 – Installation SSL certificate [click – to expand]
    Server certificate installation

    1. On receipt of an email with the SSL certificate for the server, copy it into any text editor and save the file with the .cer extension (e.g.www_moja_domena.cer).

       

    2. In order to „close” previously generated CSR requests on the IIS and upload the SSL certificate received, go to the Internet Information Services (IIS) Manager, and from the left menu select your server name. From the centre panel click the Server Certificates icon, then from the Actions right-hand panel select Complete Certificate Request.

       

    3. Select the file that contains the server certificate issued. In the Friendly name: box enter a friendly name for the certificate, which will help you to identify it, e.g. www.moja-domena.pl. Confirm it with the OK button.

       

    4. The issued server certificate will be displayed in the Server Certificates centre panel.

       

    Linking the certificate to a website

    1. Click on the website name (Default Web Site), then from the Actions menu select Bindings…

       

    2. In the Site Bindings window which will be displayed click Add….

       

    3. In the Add Site Bindings window from the Type: dropdown list select https, then from the SSL certificate: dropdown list select the certificate which you will use for your website. The list displayed includes certificates with their own private keys.

       

    4. With the changes confirmed, the Site Bindings window should look like this:

       

    MMC console configuration

    1. Launch the MMC (Microsoft Management Console) console. From the File menu select Add/Remove Snap-in…

       

    2. Then, from the list of available snap-ins, select Certificates and click on the Add > button.

       

    3. Select Computer account and click on Next>.

       

    4. Select Local computer and click on Finish.

       

  • IIS 7 – Installation of intermediate certificates [click – to expand]

    Intermediate authority certificates are very important for the SSL certificate to work correctly. They should be installed on the web server, so that the web browser can verify the SSL certificate issuer in the correct manner.

    Note: Actions described in this manual should be performed only if there are no certificates installed on the Windows 2008/2012 server system.

     

    Installation of Intermediate certificates

    1. For a Commercial SSL certificate or its MultiDomain/Wildcard option, the following intermediate certificate should be downloaded and installed on the server:

      SHA-2

      Authority key – Certum Domain Validation CA SHA2 (the key is available in different formats):

      SHA-1

      Authority key – Certum Level II CA SHA-1 (the key is available in different formats):

       

    2. For a Trusted SSL certificate or its MultiDomain/Wildcard option, the following intermediate certificate should be downloaded and installed on the server:
      Authority key – Certum Level IV CA SHA-2 (the key is available in different formats):

      Authority key – Certum Level IV CA SHA-1 (the key is available in different formats):

       

    3. For a Premium EV SSL certificate or its MultiDomain/Wildcard option, the following intermediate certificate should be downloaded and installed on the server:

      SHA-2

      1. Authority key – Certum Extended Validation CA (the key is available in different formats):

      SHA-1

      1. Authority key – Certum Extended Validation CA SHA-1 (the key is available in different formats):
      2. Authority key – Certum Trusted Network CA (Cross Certum CTNCA and Certum CA)

       

    Installation of intermediate certificates on a server – step by step

    From the Certificates (Local Computer) tree expand the Intermediate Certification Authorities branch. Select the Certificates item, right-click and from the menu select All Tasks -> Import…

     

    1. In the Certificate Import Wizard click Next.

       

    2. Select the file with an intermediate certificate and click Next.

       

    3. Select a target location where the certificate will be stored. Select Place all certificates in the following store. The Certificate store: box should indicate Intermediate Certification Authorities.

       

    4. Select the file with an intermediate certificate and click Next.

       

    5. If you want to install intermediate certificates for certificates of other types, repeat the above steps (from points 2 to 6).

       

    6. Restart the IIS service.
      Note: In some cases changes in the IIS configuration may not be visible after the service restart. If this is the case, you should restart the Windows operating system.

       

Dear User

Pursuant to Article 13(1)(2) of the General Data Protection Regulation of 27 April 2016 (hereinafter referred to as the “Regulation”), please be informed that:

  • The administrator of your personal data is Asseco Data Systems S.A. with registered office in Gdynia, ul. Podolska 21, 81-321 Gdynia;
  • The Data Protection Officer at Asseco Data Systems S.A. can be contacted at e-mail address: IOD@assecods.pl, tel. +48 42 675 63 60.
  • Your personal data will be processed for the purpose of:
    1. preparing a response to your enquiry, pursuant to Art. 6(1)(b) of the Regulation.
    2. sending marketing information by means of electronic communication and automation software on the basis of the Act on the provision of services by electronic means of 18 July 2002 and in connection with Article 172(1) of the Act “Telecommunications Law” of 16 July 2004 (alternative consent), pursuant to Article 6(1)(a) of the Regulation.
  • Your personal data will be stored for the time necessary to prepare a response to your enquiry and to respond it until you withdraw your consent for receipt of marketing information.
  • You have the right to access the contents of your data and the right to correct it, to have it removed/forgotten, to restrict its processing, to transfer it, to make an objection, to withdraw consent at any time without affecting the lawfulness of processing carried out on the basis of your consent prior to its withdrawal. All the above rights may be exercised through an application submitted at https://www.daneosobowe.assecods.pl
  • You have the right to lodge a complaint with the Regulator if you consider that the processing of your personal data is in breach of provisions of the Regulation.
  • Provision of personal data by you is necessary for the execution of your enquiry. You must provide it, and the consequence of not providing personal data will be that you will not be able to receive a response to your enquiry.
  • Your data will be processed automatically, also in the form of profiling. Automated decision making will be based on the principles of processing personal data supplied at the time of creating an Account and any supplemented data stored in it as well as data concerning activity on the Websites (in accordance with the Privacy Policy of Asseco Data Systems S.A. website Privacy Policy) and activity related to our communication with you through e-mail, and such processing will result in adjustment of marketing information concerning our products and services that may be of interest to you.
Privacy policy