Installation of certificate

Here you can find information about installing certificates at KTH.

Approval of a certificate is sent by e-mail, with links to download the certificate. Example:

Click the following link to download your SSL certificate

  • Format(s) most suitable for your server software:
    • as Certificate only, PEM encoded: https://cert-manager.com/customer/sunet/ssl?action=download&sslId=XXX&format=x509CO
    • as Root/Intermediate(s) only, PEM encoded: https://cert-manager.com/customer/sunet/ssl?action=download&sslId=XXX&format=x509IO
    • as Intermediate(s)/Root only, PEM encoded: https://cert-manager.com/customer/sunet/ssl?action=download&sslId=XXX&format=x509IOR
  • Other available formats:
    • as Certificate (w/ chain), PEM encoded: https://cert-manager.com/customer/sunet/ssl?action=download&sslId=XXX&format=x509
    • as PKCS#7, PEM encoded: https://cert-manager.com/customer/sunet/ssl?action=download&sslId=XXX&format=base64
    • as PKCS#7: https://cert-manager.com/customer/sunet/ssl?action=download&sslId=XXX&format=bin

Choosing the correct format

The certificate chain consists of a root certificate, one or more intermediate certificates and finally the server certificate. How these are split into files, and in what order they should be provided to the server software configuration, may vary.

Apache httpd

As of Apache httpd version 2.4.8, you can place the entire chain in one file, selected by SSLCertificateFile. It should contain the server certificate as the first entry, and the root certificate as the last. This can be obtained using the URL that ends with format=x509.

For older httpd versions, the server certificate (with format=x509CO in the URL) should be in a file selected by SSLCertificateFile. The rest of the chain, with the root certificate as the last entry (format=x509IOR in the URL) should be in a file selected by SSLCertificateChainFile.

SSLCertificateKeyFile should select the key file used for the CSR.

Nginx

For Nginx, the entire certificate chain (using format=x509 in the URL) should be in a file selected by ssl_certificate.

ssl_certificate_key should select the key file used for the CSR.

IIS

See Sectigo's instructions for IIS.

Tomcat

You may find it easiest to place Tomcat behind an Apache, Nginx or other proxy. Otherwise, see Sectigo's instructions for importing certificates into Java KeyStore (JKS) and installing certificates in Tomcat's KeyStore.

How do I verify that the certificate configuration is correct?

If the certificate site is accessible on the Internet, there are several websites that can help:

If the server is not accessible from the Internet, OpenSSL can be used. Example:

       openssl s_client -connect login.kth.se:443
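
The files themselves can also be checked offline, before Apache httpd or Nginx is reloaded, against the chain order and key requirements described above. This is an added example, not part of the original page: it assumes a POSIX shell with the openssl command, the function names are hypothetical, and it compares issuer and subject names only (no signature verification).

```shell
#!/bin/sh
# Added example: pre-installation checks for the downloaded PEM files.
# Compares issuer/subject names only; it does not verify signatures.

# check_chain_order BUNDLE
# Returns 0 if each certificate in BUNDLE is issued by the entry after it
# (server certificate first, root last), 1 otherwise.
check_chain_order() {
    bundle=$1
    tmp=$(mktemp -d) || return 2
    # Split the bundle into cert1.pem, cert2.pem, ... in file order.
    awk -v dir="$tmp" '
        /-----BEGIN CERTIFICATE-----/ { n++; out = dir "/cert" n ".pem" }
        out != ""                     { print > out }
        /-----END CERTIFICATE-----/   { close(out); out = "" }
    ' "$bundle"
    i=1
    rc=0
    [ -f "$tmp/cert1.pem" ] || rc=1      # no certificate found at all
    while [ -f "$tmp/cert$((i + 1)).pem" ]; do
        issuer=$(openssl x509 -in "$tmp/cert$i.pem" -noout -issuer \
                     -nameopt RFC2253 | sed 's/^issuer= *//')
        next=$(openssl x509 -in "$tmp/cert$((i + 1)).pem" -noout -subject \
                   -nameopt RFC2253 | sed 's/^subject= *//')
        if [ "$issuer" != "$next" ]; then
            echo "entry $i is not issued by entry $((i + 1)): $issuer" >&2
            rc=1
        fi
        i=$((i + 1))
    done
    rm -rf "$tmp"
    return "$rc"
}

# key_matches_cert KEY BUNDLE
# Returns 0 if KEY is the private key of the first certificate in BUNDLE.
key_matches_cert() {
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null) || return 1
    cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 1
    [ "$key_pub" = "$cert_pub" ]
}
```

Call check_chain_order on the file downloaded with format=x509, then key_matches_cert with the key file used for the CSR and that same file; both should return 0.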
Page responsible: it-support@kth.se
Belongs to: KTH Intranet
Last changed: Apr 13, 2022