https://masspirates.org/wiki/index.php?action=history&feed=atom&title=How_to_install_a_new_HTTPS_CertificateHow to install a new HTTPS Certificate - Revision history2026-05-09T17:34:07ZRevision history for this page on the wikiMediaWiki 1.41.0https://masspirates.org/wiki/index.php?title=How_to_install_a_new_HTTPS_Certificate&diff=2856&oldid=prevSrevilak: Created page with "Our certificate vendor delivers certificates via email. The email message typically contains two certificates (in the body of the message). # Our website certificate # The v..."2015-03-29T18:29:15Z<p>Created page with "Our certificate vendor delivers certificates via email. The email message typically contains two certificates (in the body of the message). # Our website certificate # The v..."</p>
<p><b>New page</b></p><div>Our certificate vendor delivers certificates via email. The email<br />
message typically contains two certificates (in the body of the<br />
message).<br />
<br />
# Our website certificate<br />
# The vendor's intermediate certificate<br />
<br />
Save the website certificate to a file like "masspirates.org.crt.YYYY"<br />
(where YYYY is the year where the certificate was issued). If that<br />
file already exists on the server, use YYYYMMDD, or similar to make<br />
the file name unique.<br />
<br />
Save the vendor's intermediate certificate to a file like<br />
"masspirates.org.ca.YYYY".<br />
<br />
Scp the files to our web server. They go in the directory<br />
~/masspirates.org/include/cert.<br />
<br />
It's a good idea to verify the new certificate before installing.<br />
First, make sure that the new certificate's modulus matches the key<br />
modulus.<br />
<br />
$ openssl x509 -modulus -in masspirates.org.crt.2015 -noout | openssl md5<br />
(stdin)= d3b07384d113edec49eaa6238ad5ff00<br />
<br />
$ openssl rsa -modulus -in masspirates.org.ssls.key -noout | openssl md5<br />
(stdin)= d3b07384d113edec49eaa6238ad5ff00<br />
<br />
Note that the two stdin lines match. That means the private key and<br />
certificate have the same modulus. If the moduli don't match, then<br />
you've got the wrong certificate, and it won't work.<br />
<br />
(Note: the md5 sums above are illustrative. They're not the actual<br />
values)<br />
<br />
Next, make sure the certificate file validates against the<br />
intermediate CA.<br />
<br />
$ openssl verify -CAfile masspirates.org.ca.2015 masspirates.org.crt.2015 <br />
masspirates.org.crt.2015: OK<br />
<br />
"OK" is the answer you want to see.<br />
<br />
Once you've done this, go into our hosting provider's control panel,<br />
and edit the webserver configuration.<br />
<br />
* SSLCertificateFile should reference the new masspirates.org.crt.YYYY<br />
* SSLCertificateChainFile should reference the new masspirates.org.ca.YYYY<br />
<br />
Save your changes, wait a few moments for the web server to reload.<br />
Visit https://masspirates.org and verify it looks okay. Also verify<br />
that the certificate expiration date is what you expect it to be.<br />
<br />
Finally, go back to ~/masspirates.org/include/cert (on the web<br />
server). Move the old certificates into the "OLD" directory.</div>Srevilak