...
- Issuing CA for GEANT OV TLS (ECC): CN=GEANT TLS ECC 1,O=Hellenic Academic and Research Institutions CA,C=GR
- Cross-signed Intermediate Root CA for GEANT OV TLS (ECC): CN=HARICA TLS ECC Root CA 2021,O=Hellenic Academic and Research Institutions CA,C=GR (for maximum compatibility applications, otherwise do not include in chain)
Installation in Apache httpd's mod_ssl
To create the 'SSLCertificateChainFile' for Apache, concatenate the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety), and specify this file in the Apache mod_ssl configuration. The server certificate itself goes into a separate file ('SSLCertificateFile') in PEM format, and the private key also goes in its own file ('SSLCertificateKeyFile').
Installation in Nginx
For Nginx, in the ssl_certificate directive in the http {} section, you would include your server certificate (downloaded from CM), the issuing CA (e.g. CN=GEANT TLS RSA 1) and the cross-signed root (e.g. CN=HARICA TLS RSA Root CA 2021 in its cross-signed variety) in that order in a single file. The private key goes (separately) in the file specified under ssl_certificate_key.
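Both procedures above (the Apache chain file and the single Nginx file) come down to concatenating PEM files in the right order. The shell functions below are an added example, not part of the original page or of the CA's tooling; the file names in the usage comments are hypothetical, and the order check compares issuer and subject names only, it does not verify signatures.

```shell
# Usage (hypothetical file names):
#   Apache: build_bundle chain.pem issuing.pem crossroot.pem
#   Nginx:  build_bundle fullchain.pem server.pem issuing.pem crossroot.pem \
#             && check_order fullchain.pem

# build_bundle OUT IN1 [IN2 ...]: concatenate PEM certificates in the order given.
build_bundle() (
  out=$1; shift
  : > "$out"
  for f in "$@"; do
    [ -s "$f" ] || { echo "missing or empty: $f" >&2; rm -f "$out"; exit 1; }
    # The key belongs only in SSLCertificateKeyFile / ssl_certificate_key.
    if grep -q 'PRIVATE KEY-----' "$f"; then
      echo "refusing: $f contains a private key" >&2; rm -f "$out"; exit 1
    fi
    # Drop CRs and blank lines; awk also terminates the last line, so an
    # END line never fuses with the following BEGIN line.
    tr -d '\r' < "$f" | awk 'NF' >> "$out"
  done
)

# count_certs FILE: number of certificates in a PEM file.
count_certs() { grep -c -- '-----BEGIN CERTIFICATE-----' "$1"; }

# check_order BUNDLE: each certificate must name the next one as its issuer
# (server certificate -> issuing CA -> cross-signed root). Requires openssl.
check_order() (
  dir=$(mktemp -d) || exit 1
  awk -v d="$dir" '/-----BEGIN CERTIFICATE-----/ {n++}
                   n {print > (d "/" n ".pem")}' "$1"
  n=$(count_certs "$1") || n=0
  i=1; rc=0
  [ "$n" -ge 1 ] || rc=1
  while [ "$i" -lt "$n" ]; do
    iss=$(openssl x509 -in "$dir/$i.pem" -noout -issuer -nameopt RFC2253 |
          sed 's/^issuer= *//')
    sub=$(openssl x509 -in "$dir/$((i + 1)).pem" -noout -subject -nameopt RFC2253 |
          sed 's/^subject= *//')
    if [ -z "$iss" ] || [ "$iss" != "$sub" ]; then
      echo "certificate $i is not issued by certificate $((i + 1))" >&2; rc=1
    fi
    i=$((i + 1))
  done
  rm -rf "$dir"
  exit "$rc"
)
```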
...