Install GLOBALTRUST certificate on Apache server

19. April 2023

(a) General settings in Apache configuration

The Apache configuration is usually located in the /etc/apache2 directory. It is necessary to open port 443, which enables encrypted data transmission.

To do this, add the line Listen 443 to the file /etc/apache2/listen.conf.

(b) Sample: Entering an SSL server in configuration

The VHost configurations can be found at /etc/apache2/vhosts.d. A new file for the SSL VHost is created under /etc/apache2/vhosts.d/[servername] with the following content:

<VirtualHost [IP-Adresse]:443>
ServerName [servername]
ServerAdmin [mailadresse]
DocumentRoot /www/htdocs/[servername]
SSLEngine on
SSLCertificateFile /www/ssl/certs/[servername].crt
SSLCertificateKeyFile /www/ssl/private/[servername].key
SSLCACertificatePath /www/ssl/certs
SSLCACertificateFile /www/ssl/certs/ca-bundle.crt
SSLVerifyDepth 10
# No client certificate is requested (mod_ssl spelling of the Apache-SSL value 0)
SSLVerifyClient none
SSLLog /www/logs/[servername]-cipher_log
TransferLog /www/logs/[servername]-access_log
ErrorLog /www/logs/[servername]-error_log
</VirtualHost>

[servername].crt … file with GLOBALTRUST/A-CERT SERVERCERT certificate
[servername].key … SSL private key file
/www/ssl/certs … Path for managing the root certificates
ca-bundle.crt … file with complete certification path

The GLOBALTRUST SERVER certificate is sent by email in PEM format and must be copied to the file /www/ssl/certs/[servername].crt.

Proceed in the same way with the file /www/ssl/private/[servername].key with the private key generated by the applicant.

The full certification path should be placed at /www/ssl/certs/ca-bundle.crt. In addition to this file, a symbolic link with the hash value as its name must be created. The complete certification path and hash value can be found under ITEM I-III in the download area of the certificate delivery.

To create the symbolic link, we recommend changing to the /www/ssl/certs directory and executing the ‘c_rehash’ command.

Note: The path specifications ‘/www/htdocs/’ and ‘/www/ssl/’ are suggestions from GLOBALTRUST and may differ from your current Apache configuration. The configuration directives used refer to mod_ssl 2.8. In the course of the development of mod_ssl, some configuration directives were renamed – if anything is unclear, please consult your mod_ssl documentation.
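
The following script is an added example, not part of GLOBALTRUST's instructions. It checks, before Apache is restarted, that [servername].crt belongs to [servername].key, that the key file is not readable by group or others, and that the certificate verifies against ca-bundle.crt. The function names and the 0600 permission expectation are assumptions of this example, and the openssl command-line tool must be installed.

```shell
#!/bin/sh
# Added example (not GLOBALTRUST's): checks to run before restarting Apache.
# Expected arguments, using the page's suggested layout:
#   $1 /www/ssl/certs/[servername].crt    $2 /www/ssl/private/[servername].key
#   $3 /www/ssl/certs/ca-bundle.crt

# True only if the certificate and the private key carry the same public key.
# "-passin pass:" makes a passphrase-protected key fail instead of prompting.
cert_matches_key() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$2" -passin pass: -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# True only if group and others have no permissions on the key file.
# (Assumption: Apache reads the key as root at startup, so 0600 is enough.)
key_is_private() {
    [ "$(ls -ldL "$1" 2>/dev/null | cut -c5-10)" = "------" ]
}

# True only if the certificate verifies with the bundle as trust file.
# The textual result is matched rather than relying on the exit status alone.
chain_verifies() {
    openssl verify -CAfile "$2" "$1" 2>/dev/null | grep -q ': OK$'
}

check_cert_install() {
    rc=0
    cert_matches_key "$1" "$2" || { echo "FAIL: key does not match certificate" >&2; rc=1; }
    key_is_private "$2" || { echo "FAIL: key readable by group/others" >&2; rc=1; }
    chain_verifies "$1" "$3" || { echo "FAIL: chain does not verify" >&2; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: certificate, key and CA bundle are consistent"
    return "$rc"
}

# Run the checks only when the three file names are given.
if [ "$#" -eq 3 ]; then
    check_cert_install "$@"
fi
```

Called with the three file names, the script exits non-zero and names each failed check on stderr.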

(c) Customize name service configuration

Master-DNS-Server: ns01.x-intern.test /

  1. Save existing configuration
    []# cp -p /var/lib/named/master/zone.[DOMAINNAME] /var/lib/named/master/zone.[DOMAINNAME].JJJJMMTT
  2. Customize Zone:
    []# vi /var/lib/named/master/zone.[DOMAINNAME]
  3. Reload configuration
    []# /etc/init.d/named reload
  4. Check name service
    — Logging occurs on: ace01:/var/log/ns01/user.all
    []# tail -f /var/log/ns01/user.all |grep named
    — test new entry
    []# dig [NAME].[DOMAINNAME] (e.g. dig mss01.x-intern.test)


(d) Restart Apache-Server

After changing the configuration, the Apache server must be restarted. The server certificate can then be retrieved worldwide and is valid.
Warning: If you are running an Apache Tomcat server, the configuration process is different. Please follow this link to the relevant original documentation.

