Installing a Certificate on a Stronghold Server
Note:There are three certificates that need to be installed during this process. The first is the "Site" certificate, contained in the email from Comodo. The second is the Intermediate CA certificates;please use the Intermediate CA certificate that came with your sitecertificate in the zip file.For positive ssl certificate, in additonal to your domain certificate you will be receiving 3 more files.For Stronghold Server you should use the following two certificates:
Intermediate CA UTNAddTrustServerCA.crt
Intermediate CA PositiveSSLCA.crt
or You can download the Positive ssl Intermediate files from here.
Please follow the steps below:
If you already have a temporary certificate in your/ServerRoot/ssl/certs directory, move, rename or delete it. Run the command "getca servername" where "servername" is the same name created during generation of the key or certificaterequest ("genkey servername" or "genreq servername").Open the site certificate in the e-mail from Comodo with a text editor and copy the content (including the lines below), as shown below to your clipboard:
Paste the contents into the termin al window where you ran "getca".
Enter Control-D or the appropriate EOF character for your termin al.
Before restarting the server please install the intermediate certificate as below.
Use the UTNAddTrustServerCA.crt certificate provided with your site certificate and copy the certificate content (including the lines below), as shown below to your clipboard. Open a text editor. Paste the information on the clipboard into this text file. Save the file as 'ca_new.txt'. It should look like this:
Next, open the second intermediate certificate, PositiveSSLCA.crt. Repeat the process and paste into the same document.
Your fin al doc should look something like this:
Save the file to the location "ssl/certs/ca_new.txt" located in your ServerRoot directory. Change the SSLCACertificateFile directive in your httpd.conf file to point to the intermediate file (ca_new):
Now restart the web server so that the new certificate is loaded