Install GLOBALTRUST certificate on Apache server

19. April 2023

(a) General settings in Apache configuration

The Apache configuration is usually located in the /etc/apache2 directory. It is necessary to open port 443, which enables encrypted data transmission.

For this, in the file /etc/apache2/listen.conf the line Listen 443<c/ode> eingetragen werden.

(b) Sample: Entering an SSL server in configuration

The VHost configurations can be found at /etc/apache2/vhosts.d. A new file for the SSL VHost is created under /etc/apache2/vhosts.d/[servername] with the following content:

<VirtualHost> [IP-Adresse]:443
ServerName [servername]
ServerAdmin [mailadresse]
DocumentRoot /www/htdocs/[servername]
SSLEngine on
SSLCertificateFile /www/ssl/certs/[servername].crt
SSLCertificateKeyFile /www/ssl/private/[servername].key
SSLCACertificatePath /www/ssl/certs
SSLCACertificateFile /www/ssl/certs/ca-bundle.crt
SSLVerifyDepth 10
SSLVerifyClient 0
SSLLog /www/logs/[servername]-cipher_log
TransferLog /www/logs/[servername]-access_log
ErrorLog /www/logs/[servername]-error_log

[servername].crt … file with GLOBALTRUST/A-CERT SERVERCERT certificate
[servername].key … SSL private key file
/www/ssl/certs … Path for managing the root certificates
ca-bundle.crt … file with complete certification path

The GLOBALTRUST SERVER certificate is sent by email in PEM format and must be copied to the file /www/ssl/certs/[servername].crt.

Proceed in the same way with the file /www/ssl/private/[servername].key with the private key generated by the applicant.

The full certification path should be placed at /www/ssl/certs/ca-bundle.crt. In addition to this file, a symbolic link with the hash value as the name must be specified. The complete certification path and hash value can be found under ITEM I-III in the download area of ​​the certificate delivery.

To create the symbolic link, we recommend changing to the /www/ssl/certs directory and executing the ‘c_rehash’ command.

Note: The path specifications ‘/www/htdocs/’ and ‘/www/ssl/’ are suggestions from GLOBALTRUST and may differ from your current Apache configuration. The configuration directives used refer to mod_ssl 2.8. In the course of the development of mod_ssl, some configuration directives were renamed – if anything is unclear, please consult your mod_ssl documentation.

© Customize configuration nameservice

Master-DNS-Server: ns01.x-intern.test /

  1. Save existing configuration
    []# cp -p /var/lib/named/master/zone.[DOMAINNAME] /var/lib/named/master/zone.[DOMAINNAME].JJJJMMTT
  2. Customize Zone:
    []# vi /var/lib/named/master/zone.[DOMAINNAME]
  3. Reload configuration
    []# /etc/init.d/named reload
  4. Check name service
    — Logging occurs on: ace01:/var/log/ns01/user.all
    []# tail -f /var/log/ns01/user.all |grep named
    — test new entry
    []# dig [NAME].[DOMAINNAME] (e.g. dig mss01.x-intern.test)


(d) Restart Apache-Server

After changing the configuration, the Apache server must be restarted, the server certificate can now be called up worldwide and is valid.
Warning: If you are running an Apache Tomcat server, the configuration process is different. Please follow this link to the relevant original documentation.

You might be interested in that

What are the costs of not going paperless?

What are the costs of not going paperless?

While digitization reached almost every aspect of daily work, the necessity for handwritten signatures in B2B environments preserves printing paper its crucial role – and incurs costs. However, by implementing e-signatures, businesses can reduce expenses, streamline processes, and contribute to a more sustainable...

read more
Sign and encrypt emails using an Apple iPhone

Sign and encrypt emails using an Apple iPhone

User guide for signing and encrypting emails with the GLOBALTRUST CLIENT certificate on your Apple iPhoneAs of May 10, 2023 1 Basic 1.1 Goals of this document A step-by-step guide on how to add the certificate to your iPhone to then sign and/or encrypt emails. This guide was created for an Apple iPhone (iOS version:...

read more