In order to ensure that Apache is compatible with all browsers, we must install the intermediate certificate on the server. Please go to the intermediate certificate download tool to download, enter your Server.crt, and then download the intermediate certificate. Please save the intermediate certificate as Chain.crt. (Recommended learning: apache use)
Download certificate
If you do not receive the email, you can also go directly to the console to download and issue the certificate A good server certificate and corresponding intermediate certificate.
Please go to the console - order query - view. At the end of the order details, you can download it directly:
In the red box on the left, download the server Certificate, save as Server.crt;
In the red box on the right, download the intermediate certificate, save as Chain.crt.
Apache 2.4.8 and later versions
Apache Since version 2.4.8 (including 2.4.8), the certificate configuration has been modified to some extent and SSLCertificateChainFile has been cancelled. this parameter.
First we need to add the intermediate certificate Chain.crt to the server certificate Server.crt file. Please copy all the contents in Chain.crt and paste it into Server.crt, in order Yes: The first paragraph, the server certificate; the second paragraph, the intermediate certificate, as follows:
-----BEGIN CERTIFICATE----- MIIEsTCCA5mgAwIBAgIDBfoqMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT ……… ……… 服务器证书 ……… ……… T0hUGo/wiwTBUafyk1A+LlSUE+dYqzbHYV9Q4d83UIzz9vXO4wmSRgV0udjGN2GR W7oiGmI= -----END CERTIFICATE----- -----BEGIN CERTIFICATE----- MIIEsTCCA5mgAwIBAgIDBfoqMA0GCSqGSIb3DQEBCwUAMEcxCzAJBgNVBAYTAlVT ……… ……… 中间证书 ……… ……… T0hUGo/wiwTBUafyk1A+LlSUE+dYqzbHYV9Q4d83UIzz9vXO4wmSRgV0udjGN2GR W7oiGmI= -----END CERTIFICATE-----
Upload the Server.crt and Server.key files modified in the previous step to the server, and then modify the Apache configuration File: httpd.conf (some versions will put the ssl configuration in httpd-ssl.conf, or ssl.conf), add the following parameters:
Listen 443 <virtualhost _default_:443> DocumentRoot "${SRVROOT}/htdocs" ServerName www.example.com:443 ServerAdmin admin@example.com SSLEngine on SSLProtocol -all +TLSv1 +TLSv1.1 +TLSv1.2 SSLCipherSuite ECDHE:AES128-SHA:AES128-SHA256:AES256-SHA:AES256-SHA256:DES-CBC3-SHA:!NULL:!aNULL:!RC4:!MD5:!DH SSLCertificateFile "${SRVROOT}/conf/server.crt" SSLCertificateKeyFile "${SRVROOT}/conf/server.key" </virtualhost>
The above is the detailed content of How to install intermediate certificate in apache. For more information, please follow other related articles on the PHP Chinese website!