Installing VeriSign Certificate

Cognizant Individual ... Lew Randerson

System Configuration (aka
   Red Hat Enterprise Linux WS release 4 (Nahant Update 7) 
   Dual-Core AMD Opteron Processor

   Replace FusionGrid-signed Apache SSL Certificate
   with VeriSign-signed certificate.

     VeriSign Secure Site 3-year certificate
     40-bit minimum to 256-bit SSL encryption
     $100,000 warranty
     VeriSign Secured Seal
     30-day free revoke/replace

   o Purchase Certificate from VeriSign
   o Install Key and Certificate on blackbird.conf
   o Download Intermediate file on blackbird.conf
   o Backup /etc/httpd/conf.d/ssl.conf file
   o Update /etc/httpd/conf.d/ssl.conf file 
     (where DIR=/home/fgcm/SSL_CERTIFICATE)
     - Change SSLCertificateFile entry 
         to DIR/
     - Change SSLCertificateKeyFile entry 
         to DIR/
     - Comment out SSLCACertificatePath entry
         . . .
     - Set SSLCACertificatefile entry
         to DIR/

Impact on Users

   o Browsers will recognize VeriSign signing-authority and
     no longer raise alerts on unrecognized SSL certificate.


   - Restart apache server and inspect /etc/http/logs files
   - Onsite, connect to with
       MAC, Windows, and Linux browsers
   - Offsite, connect to with


  o Restore backed up ssl.conf file and restart apache server
    Verify still works