Apache Server setup for TrustCor SSL


This article will detail the steps for obtaining an SSL on an Apache server using TrustCor Premium DV Certificates.

1. Purchase TrustCor from No-IP.

To learn more about this process, please review our article:
How to Purchase and Configure a TrustCor Premium DV SSL

2. Generate the private key and CSR from the Apache server by running this command in Apache Terminal:

(in this example, we use “apache-trustcor” as the name for the key and csr)

sudo openssl req -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/apache-trustcor.key -out /etc/ssl/certs/apache-trustcor.csr

3. This will prompt you to fill out the standard info for a CSR, such as country, state, FQDN, etc.

e080e804-8a4e-4208-aafb-1ed35960f72b

4.  View the CSR by running this command in Apache Terminal: (you would replace apache-trustcor.csr  with the name you provided in step 2)

cat /etc/ssl/certs/apache-trustcor.csr

5. Add your CSR to No-IP

Copy the CSR, including everything from

-----BEGIN CERTIFICATE-----

to

-----END CERTIFICATE-----

From your No-IP account, Click My Services at the left, then SSL Certificates.

Locate your available certificate and select Add CSR.

39c9be23-e9cd-4e46-987f-774213acb3ea

Here, you will choose your server type from the drop down menu, paste the CSR we just copied, then click the green Add CSR button to continue.

078ea7fa-9179-49f3-b983-2ae44ab20e13

6. You will now see the section called “SSL Contact Information“.

Fill in the information required. The City, State and Country will be auto-filled from the information generated in the CSR you created. Click the green Confirm button when finished.

835fa720-074e-4dd6-832a-a059d84f1fd1

7. Finally, you will see the section called “DNS Verification Record”.

If your domain is registered with us and you have Plus Managed DNS, we will add the DNS Verification TXT record automatically.

If you are an Enhanced user with us, you will need to copy and paste the DNS Verification TXT record to your DNS Records manually.

If your domain is not registered with No-IP, you will need to copy and paste the DNS Verification TXT record to your DNS Records manually at your current DNS provider.

Click the Continue button once you have review and/or copied this information.

c8a239bd-bc3b-483a-a7aa-751ae6e5a056

8. Wait for Verification. Once your TXT record is created, the SSL should be issued within 30 minutes or less.

If you have not received it within 30 minutes please contact No-IP Support. Until then, the Status will remain in Pending Verification.

d504fbc9-a2be-496f-9019-365df014e02c

After 30 minutes, TrustCor will verify the TXT record and the Status will change to Active.
e69a6a21-f6c7-4998-a2a2-5771259ba91e

9. Download the signed-cert from the No-IP SSL Manager as a PEM file.

From your No-IP account, click My Services at the left, then SSL Certificates.

Find your TrustCor Premium DV and click the Download button.

f0cd42da-a5b6-4016-975d-1d530475c223

Here, use the dropdown menu to select the PEM file type and click the Download button to obtain the file.

bc2ae22d-56e6-42f5-b88a-72e46a5ec3cb

10. Open this with a TXT editor, copy and paste the cert and put it on the machine here:

/etc/ssl/certs/apache-trustcore.pem

To do this, change your directory to this location using this command:

cd /etc/ssl/certs/

Now create an empty file to paste the cert into using this command:

(in this example, I use the name “apache-trustcor” but you can change this)

sudo nano apache-trustcor.pem

Paste everything from

-----BEGIN CERTIFICATE-----

to

-----END CERTIFICATE-----

Save the file to complete the process.

You may need to edit apache SSL configuration, such as a .conf file, modify the default Apache SSL Virtual Host file, modify the HTTP Host File to redirect to HTTPS, enable apache ssl and test the configuration. While we do not support this level of server configuration, you can find many useful guides on the internet, such as this official Apache one:

https://httpd.apache.org/docs/2.4/ssl/

Here, you can find the process needed at Step 2. We do recommend searching for these directions for your specific machines version.

As with any changes to Apache, you may need to restart the Apache server for these changes to take effect.

You have now installed the SSL on your Apache Server and can test this by using https in front of your hostname.

More Information

You can find more information about installing TrustCor SSLs and obtaining TrustCor’s Intermediate Certificates from their Knowledge Base here.