How to Install Your EssentialSSL DV SSL Certificate

Overview

This guide explains how to install your EssentialSSL DV SSL Certificate. The installation steps depend on your server type: Apache, Nginx, Tomcat, or IIS (Windows).

Certificate Files

After downloading your SSL package, you will see different folders/files:

  • Apache
    XXXXXX.crt – Server certificate
    XXXXXX.key – Private key
    XXXXXX.ca-bundle – Intermediate CA chain
  • Nginx
    XXXXXX.pem – Combined server certificate + intermediate chain
    XXXXXX.key – Private key
  • Tomcat
    Import the certificate into a Java Keystore (.jks).
  • IIS (Windows)
    Import via IIS Manager (.crt or .pfx).
Important: The .key file is your private key. Keep it secure and never share it.

Installation Instructions

1) Apache

Edit your Apache VirtualHost configuration (e.g. /etc/httpd/conf/httpd.conf or /etc/apache2/sites-enabled/your_site.conf):

SSLEngine on
SSLCertificateFile /path/to/XXXXXX.crt
SSLCertificateKeyFile /path/to/XXXXXX.key
SSLCertificateChainFile /path/to/XXXXXX.ca-bundle

Restart Apache:

systemctl restart httpd   # CentOS/RHEL
systemctl restart apache2 # Ubuntu/Debian

2) Nginx

Edit your site configuration (e.g. /etc/nginx/conf.d/your_site.conf):

server {
    listen 443 ssl;
    server_name XXXXXX.com www.XXXXXX.com;

    ssl_certificate /path/to/XXXXXX.pem;
    ssl_certificate_key /path/to/XXXXXX.key;

    ssl_protocols TLSv1.2 TLSv1.3;
    ssl_ciphers HIGH:!aNULL:!MD5;
    ssl_prefer_server_ciphers on;

    location / {
        root /var/www/html;
        index index.html index.php;
    }
}

Test and restart:

nginx -t
systemctl restart nginx

3) Tomcat

Convert certificate to PKCS12:

openssl pkcs12 -export -in XXXXXX.crt -inkey XXXXXX.key \
-certfile XXXXXX.ca-bundle -out keystore.p12 -name tomcat

Import into Java Keystore:

keytool -importkeystore -srckeystore keystore.p12 -srcstoretype PKCS12 \
-destkeystore keystore.jks -deststoretype JKS -alias tomcat

Update server.xml:

<Connector port="8443" protocol="org.apache.coyote.http11.Http11NioProtocol"
           maxThreads="150" SSLEnabled="true">
    <SSLHostConfig>
        <Certificate certificateKeystoreFile="/path/to/keystore.jks"
                     certificateKeystorePassword="yourpassword"
                     certificateKeyAlias="tomcat" />
    </SSLHostConfig>
</Connector>

4) IIS (Windows)

  1. Open IIS Manager → Click Server CertificatesComplete Certificate Request.
  2. Import the .crt (or .pfx) file.
  3. Go to your website → Bindings → Add HTTPS (port 443) → Select the imported certificate.
  4. Save and restart IIS.

Verify Installation

  • Visit: https://XXXXXX.com and confirm the browser padlock appears.
  • Use SSL Labs Test to analyze your SSL deployment.
  • Use Why No Padlock to check for mixed content or SSL issues.

Troubleshooting (FAQ)

  • Browser shows "Not Secure" – The intermediate chain is missing. Use XXXXXX.ca-bundle on Apache or the combined XXXXXX.pem on Nginx.
  • Certificate file will not open – Use a plain text editor (Notepad/nano). Do not use Word.
  • IIS import error – Convert to .pfx and re-import.

Need Help?

If you cannot complete the installation, please tell us your server type (Apache, Nginx, Tomcat, or IIS) and contact our support team.

這篇文章有幫助嗎? 0 用戶發現這個有用 (0 投票)