How to install a SSL certificate?

After you get the SSL certificate, either self signed or signed by a CA, you can configure your server to use the certificate. Please follow the following steps:

  1. Create a listener with Secure set to Yes. The official port for SSL is 443, but other port can be used as well.
  2. Click on the newly created listener, then go to the SSL Settings. Then set the Private Key File to where the key file is.
  3. Then set the Certificate File location, this step is different for self signed certificate and the one signed by a CA.
    • For self signed certificate, you only need to set “Certificate File”.
    • For a certificate signed by CA, Usually, it comes with a intermediate certificate file, this certificate is signed by one of the root certificate in a web browser, so your certificate will be trusted by a web browser because the trust relationship among those certificates. You have two ways to install it.
      • One is to set “CA Certificate File” or “CA Certificate Path”, “CA certificate file” is the path to the file, “CA Certificate Path” is the the path to the directory holding the intermediate certificate.
      • Another way is to create a chained certificate, set “Certificate File” to the path of “chained.cert”, “Chained Certificate” should be set to “Yes”. To create the chained certificate, you can concat your certificate file together with the intermediate certificate with a command like:
cat my.cert ca.cert > chained.cert 

You also should specify SSL Version and Encryption Level on the same page, SSLv2 is not recommended. After than, you should add virtual host to listener mapping for the web site that you wish to be secured by the SSL certificate, then restart the server, you should be all set.

If you use a self-signed certificate, the browser will prompt you to accept the certificate, it is normal, if you use a certificate signed by a CA, the browser will accept the certificate automatically without bothering you.

To test it, visit your site and you will see the green lock sign, which implies the https cert is working.

litespeed_wiki/config/ssl-cert-install.txt · Last modified: 2016/08/11 18:00 by Jackson Zhang