richhollis/install-positive-ssl-wildcard-certificate-from-comodo-for-apache.md

Last active August 29, 2015 14:07

Star (1) You must be signed in to star a gist
Fork (0) You must be signed in to fork a gist

Learn more about clone URLs
Clone this repository at <script src="https://gist.github.com/richhollis/9450bae78a1a98be5f4c.js"></script>
Save richhollis/9450bae78a1a98be5f4c to your computer and use it in GitHub Desktop.

Download ZIP

Raw

install-positive-ssl-wildcard-certificate-from-comodo-for-apache.md

Setting up a PositiveSSL Wildcard Certificate from Comodo for Apache with Trusted by Microsoft and Firefox

This gist was greatly helped by the direction in this gist:

https://gist.github.com/bradmontgomery/6487319

Examine your certificate in the browser (Chrome):

Click on the padlock
Click Connection
Click Certificate Information
Click Details
Inspect the "Certificate Hierarchy"
Work from the bottom up of the hierarchy to construct your cat command - e.g.
*.yourdomain.com
PositiveSSL CA 2
AddTrust External CA Root
UTN DATACorp SGC Root CA

Create bundle

You should have PositiveSSLCA2.crt and AddTrustExternalCARoot.crt in the ZIP file that was mailed to you from Comodo. Get utnaddtrustsgcca.crt from Comodo support website or here: https://support.comodo.com/index.php?/Default/Knowledgebase/Article/View/897/0/intermediate-2-utnaddtrustsgcca

cat STAR_yourdomain_com.crt PositiveSSLCA2.crt AddTrustExternalCARoot.crt utnaddtrustsgcca.crt > ssl-bundle.crt

Update apache config with bundle

SSLEngine on
SSLCertificateFile /etc/ssl/STAR_yourdomain_com.crt
SSLCertificateKeyFile /etc/ssl/yourdomain_com.key
SSLCertificateChainFile /etc/ssl/ssl-bundle.crt

Restart apache

Test with SSL Analyzer

https://sslanalyzer.comodoca.com/?url=yourdomain.com

SSL Analyzer should now report trusted by Microsoft and Firefox correctly:

Trusted by Microsoft? Yes
Trusted by Firefox? Yes

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment