A provider wants to install an SSL certificate on PA billing for the Linux Control Panel server.
In PA billing for Linux, the SSL certificate is configured using standard directives in the Apache configuration file
/etc/httpd/conf.d/ssl.conf on the PA billing application server, namely - SSLCertificateFile and SSLCertificateKeyFile (optional).
In the default installation, the value of SSLCertificateFile directive is set to
/usr/local/bm/etc/httpd/www.crt, so one may put the PEM-encoded SSL certificate and private key into the file
/usr/local/bm/etc/httpd/www.crt. Alternatively, the private key may be put into a separate file, and the path to this file may be provided in the Apache directive SSLCertificateKeyFile.
After SSL certificate is changed, the Apache web server must be restarted:
~# /etc/init.d/httpd restart
Chain SSL Certificate
If the SSL certificate is issued by Certification Authority (CA), which is not included in the list of web browser trusted authorities, customers are shown an alarming warning upon opening the Online Store or the PA billing Control Panel for the first time. The warning message states that the site SSL certificate is unknown (for their browsers) and asks whether to trust the SSL certificate or not.
However, the SSL certificate is absolutely reliable, and is issued by one of the authorized SSL providers. This SSL provider is just not included in the list of browser's default trusted authorities. In this case, the undesirable warning can be suppressed by means of chain certificate.
A certificate chain is a sequence of certificates, where each certificate in the chain is signed by the subsequent certificate. The purpose of a certificate chain is to establish a chain of trust from a peer certificate to a trusted Certificate Authority (CA) certificate. The CA vouches for the identity of the peer certificate by signing it.
The chain SSL certificate is configured with the SSLCertificateChainFile directive, which should point to the file with the certificate chain. Such a file is simply the concatenation of the various PEM-encoded CA Certificate files, usually in certificate chain order.
Refer to Apache documentation for more details about configuring SSL certificates: