Upload the certificate files on the server where your web-site is hosted.
In case of Comodo certificates, you should receive the zip archive with *.crt and .ca-bundle files. Geotrust/Thawte/Symantec sends certificates in plain text. Simply save the certificates as txt files. Notepad will meet this demand. For Comodo PositiveSSL the files would appear like the ones below:
or you may receive the CA bundle in separate files as provided below:
Combine CA certificates in the single file.
If you received several CA certificates in separate files, you should combine them in the single file to make the CA bundle. You can also download a completed Bundle file here.
For Comodo PositiveSSL CA certificates these are: AddTrustExternalCARoot.crt, COMODORSAAddTrustCA.crt and COMODORSADomainValidationSecureServerCA.crt
To combine them, run the following command in terminal:
$ cat COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt AddTrustExternalCARoot.crt >> bundle.crt
Edit your Apache VirtualHost file. If you do not have a record for port 443 in your VirtualHost, you should add it manually.
Location of the Configuration file depends on the the server and OS version, some possible examples are listed bellow:
Debian and Debian based: /etc/apache2/apache2.conf
Name of the file may also vary:
The situation for ubuntu on Apache differs, as the configurations for 443 and 80 ports for each site are located in separate files. You can find it at /etc/apache2/sites-enabled/ Edit or create the file with the VirtualHost for 443 port to set up the secure connection.
Actually you can duplicate the record for port 80 (should be in your VirtulHost file by default) and change port 80 to port 443. Simply add it below non-secure module. In addition to the port change, you also need to add the special lines in the record:
# SSLCertificateFile should be pointed to the certificate file that is issued for your domain name.
# SSLCertificateKeyFile should be pointed to the Private Key, which has been generated with the CSR code that you have used for the activation of the certificate.
# SSLCACertificateFile should be pointed to the file with combined CA certificates. In the example we have combined CA certificates in the file bundle.crt In the older Apache versions, the directive might be called SSLCertificateChainFile instead.
Note! Starting from Apache 2.4.8 'SSLCertificateChainFile' directive became obsolete. The chain of intermediate certificates can be added to the file with the domain certificate.
Complete VirtualHost record for port 443 may look like the one below: