SSL Certificate

Understand SHA-1 Algorithm Weakness As Per Google Standards

The software giant Google© has made a crucial decision about deprecating SHA-1 signature algorithm in their extremely popular Chrome browser in order to strengthen the security of the Internet.

Google© has always taken strong actions when it comes to users’ data protection on the Internet. This time, for the sake of Internet security, they have planned to stop trusting the SHA-1 algorithm, which might be susceptible to several cyber-attacks due to inability to keep up with the latest techniques used by the hackers. Google© has been putting in the best efforts to build secure measures for its users.

So it looks like it is finally about time to say good bye to the SHA-1 signature algorithm due to this major modification from Google. So, let’s take a quick look at these changes and how the users need to manage website security based on these developments.

• What is SHA-1 signature algorithm?

  SHA stands for “Secure Hash Algorithm” and the version SHA-1 works on the single hash function, which is known to be vulnerable according to many web security experts.

• What is SHA-2 signature algorithm?

  SHA-2 is the latest version in SHA Algorithm history, and it is the next generation SHA-2 signature algorithm, which includes multiple hash functions to protect user’s data while exchanging them on the Internet.

• Is it safe to use SHA-1?

  The vulnerabilities of SHA-1 are very well known and have been demonstrated many times over. In a practical live environment, it is still safe to use the SHA-1 signature algorithm. However, as per critics and SSL experts, SHA-1 will create security vulnerabilities in near future on the Internet. For that reason, best practices do not recommend SHA-1.

• What if my existing SSL certificate is SHA-1?

  If your certificate is based on SHA-1 algorithm, it is very easy to get it exchanged for a SHA-2 certificate. All you need to do is re-issue your SSL certificate by choosing the algorithm as SHA-2.

• Which Certificate Authorities (CAs) have this new SHA-2 algorithm?

  There are plenty of SSL certificate vendors on the Internet but it gets very difficult to find out exactly which CA has migrated all its SSL certificates and Code Signing Certificates to SHA-2 signature algorithm. We have carried out a little research on this and found that Symantec™, GeoTrust®, Thawte™, and RapidSSL™ offer Low Price SSL certificates with SHA-2 algorithm and technical support by the team of experts.

• What is the difference between SHA-1 and SHA-2 algorithm?

  SHA-1 signature algorithm works on a single 128-bit hash function, whereas SHA-2 signature algorithm works on multiple hash functions.
  SHA-2 signature algorithm is stronger than SHA-1 because it has multiple hash function such as SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224, SHA-512/256 and out of them SHA-256 bit is widely established and more demanded hash function algorithm. The suffix numbers indicate bit length. So SHA-2’s full set of functions are higher bit-length than SHA-1 and therefore are more secure.

• What is Google’s preparation for the elimination of SHA-1?

  Here is how the upcoming versions of the Google Chrome browser shall react to a SHA-1 SSL certificate.

• Chrome 39 – Public release in early November 2014

  Websites secured by SHA-1 certificates that expire in 2017 or later, on this version will be treated as ‘Secure, but with minor errors’. A small yellow triangle on the padlock will be displayed on the URL as shown below:

  

• Chrome 40 – Branch Point – November 7 2014 & Stable after Holiday Season

  Websites with SHA-1 SSL certificates expiring between June 1 2016 to December 31 2016 will trigger the ‘Secure, but with minor errors’ warning as mentioned above.

  And the websites secured with SHA-1 SSL certificates expiring on or after January 1 2017, will be treated as ‘neutral, lacking security’. In this, the padlock will be replaced by a blank page icon, as shown in the image below:

  

• Chrome 41 – Branch Point – Q1 2015

  All the websites relying on SHA-1 SSL certificates expiring between January 1 2016 to December 31 2016 will trigger the ‘Secure, but with minor errors’, as described above.

  And all SHA-1 SSL certificates expiring on or after January 1 2017 will be treated as ‘affirmatively insecure’. In this, a red cross and red strike-through is displayed on the URL, as shown in the image below:

  

Here is an easy-to-follow chart that shall help you understand the result of the browser-SSL interaction under Google’s new policies:

	Example Dates
Chrome Beta Version Dates	SHA-1 up to Dec 31 2015	SHA-1 Jan 1 2015 to Dec 31 2015	SHA-1 Jun 1 2016 to Dec 31 2016	SHA-1 Jan 1 2017	Advisable Signature Algorithm
Chrome Version 39 Sept 2014
Chrome Version 40 Nov 2014
Chrome Version 41 01 2015

Understand SSL Certificate in Google Chrome Web Browser

Google Chrome is a web browser developed by Google. It was released in 2008, and today, its feature-rich profile and innovative aspects have helped it attain the enviable position of being the most popular web browser in the world. As per one survey in July 2014, about 45% of web users prefer Google Chrome over other options available on the market.

The Google Chrome web-browser is efficiently capable of securing online data. By default, the SSL security in Google Chrome is set to the medium, keeping the level not too strict and neither too open. It is advisable for users to not make any changes to these default settings unless required.

Installation Procedure: How to View SSL certificate in Chrome

The installation procedure given below is based on the assumption that users have already downloaded the root certificate to the network location.

Step 1 – To start with the procedure, first of all, click on the icon of ‘Customize and Control Google Chrome’ menu present on the upper right corner of your screen. See Figure A.

Step 2 – Now, click on ‘Options’ menu.

Figure A

Step 3 – From the window ‘Google Chrome Options’, select the tab ‘Under the Hood’ as shown in Figure B.

Step 4 –In that tab, select the ‘Security’ option. See Figure B.

Figure B

Step 5 – Click on the button ‘Manage Certificate’ just under ‘Select trusted SSL certificates’, as shown in Figure C.

Figure C

Step 6 – After clicking on ‘Manage Certificates’, the ‘Certificates’ window pops open, where users can import, export or remove the SSL certificates. Now, click on the ‘Trusted Root Certification’ tab and click on the ‘Import’ button as shown in Figure D.

Figure D

Step 7 – Now, click on the following two check boxes listed below ‘Computer-wide SSL settings as shown in Figure E.

• ‘Use SSL 2.0 – This is SSL protocol’s older version, which is found to be less secure. In spite of that, there are a few websites that may need visitors to use this version during their browsing session. So, users need to select this option only when you trust the website.
• ‘Server certification revocation’ – Clicking on this check-box, turns on the real-time verification for the website certificate’s validity, for extra security. A third-party issuer can revoke a certificate if that certificate is noticed to be stolen or compromised.

Figure E

Controlled Display of Mixed Content on Secured Pages

Sometimes, the content displayed on an SSL-secured website comes from unreliable sources. Visitors can easily view such content while the web-page loads and the information is being transmitted. There are many types of malicious software that are known to have the potential to modify such insecure contents and make unauthorized changes on websites.

As per the default setting, whenever visitors’ web-browsers come across a webpage with mixed content, an alert icon is displayed at the end of the address bar.

Step 8 – Make the following changes under the section of ‘When there is mixed content on secure (SSL) page”. Users can make changes by choosing any one of the following options in the drop down menu:

• ‘Block all insecure content’: Choosing this option, all insecure images on a page are replaced by broken image icons, and red boxed replace frames and iframes. Nevertheless, by clicking on ‘Show all content’ link present on the top of the page, users can override this setting for some web-pages during their browsing sessions.
• Allow insecure images’: This setting loads all the insecure images on a web-page. However, these insecure images are marked for users’ convenience in spotting them.
• ‘Allow all content to load’: As the name suggests, this setting allows a web-page to load all the web-elements regardless of their security state.

Step 9 – At the end of the procedure, please click on ‘Close’ after making all the changes.

Understand How Vital is SSL Certificate for Your Website?

‘Always On SSL’ by Symantec™, is a critical security measure for all the website owners who are looking to secure the entire user experience. You can now authenticate the identity of the website along with total protection against various cyber attacks like sidejacking, malicious codes, cyber hacking etc. Read on to find out more on why it’s advisable to adopt ‘Always On SSL’.

SSL Certificates Installation Guideline for Nginx Web Server

First of all, create a ‘Certificate Bundle’ to get started with the procedure of SSL installation in Nginx. For creating the bundle, each certificate (SSL certificate, Intermediate certificate and Root certificate) needs to be in the PEM format.

• In a plain text editor, open each certificates.
• Now proceed by creating a new document in a plain text editor.

• Your SSL Certificate
• Intermediate SSL certificate
• Root SSL Certificate

This completes your file and its format should be as follows:
 

-----BEGIN CERTIFICATE-----
#Your SSL Certificate#
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#Intermediate Certificate#
-----END CERTIFICATE-----
-----BEGIN CERTIFICATE-----
#Root Certificate#
-----END CERTIFICATE-----

 
This newly-created certificate bundle should be saved in a ‘.crt’ format.
After saving it properly, upload the certificate bundle along with the private key to a directory on the Nginx server.
After that, edit the Nginx virtual hosts file.

For that, open the Nginx virtual host file for the website you intend to secure. In case you want your site to be accessible through both, secure (https) and non-secure (http) connections, you need to have a server module for each connection type.

Now proceed by making a copy of the existing non-secure module and pasting it below the original. Add the lines in the format given below:

server{
listen 443;
ssl on;
ssl_certificate /etc/ssl/your_domain.crt;
ssl_certificate_key /etc/ssl/your_domain.key;
server_name your.domain.com;
access_log /var/log/nginx/nginx.vhost.access.log;
error_log /var/log/nginx/nginx.vhost.error.log;
location / {
root /home/www/public_html/your.domain.com/public/;
index index.html;
}
}

 
Please note it is very important to make sure you adjust the file names so as to match your certificate files.

• Ssl_certificate should be your primary certificate which is combined with the root and intermediate certificate bundle created in previous steps. For example, your_domain.crt.
• When you generate the CSR, ssl_certificate_key should be the key file that is created.
• Now restart Nginx.

sudo /etc/init.d/nginx restart

NGINX Wildcard SSL Certificates

NGINX Wildcard SSL Certificate allows multiple servers subdomains security with single SSL certificate.

Buy NGINX Wildcard SSL at Inexpensive Prices

The Norton Secured Site seal is no longer offered starting Oct. 16, 2023.

Tips to Choose The Best Certificate Authority (CA)

Over the years, as the arena of e-commerce flourished, the SSL industry as well, expanded along with it. So much so, that it is now impossible to imagine a safe and successful e-commerce website without an SSL certificate safeguarding it. Whether it’s the new best-seller you are buying from amazon.com or accessing your bank account online, an SSL certificate is always there to safeguard the information you submit online. Just as important as SSLs are the Certificate Authorities (CAs), a trusted third party organization that issues digital certificates. Their duty is to authenticate the identities of the two parties exchanging information. That is the reason all the CAs hold significant importance in data security and e-commerce industry.

This extensive usage of SSL certificates have given way to CAs to come up with SSL certificates with myriad features and characteristics. In fact, the website owners now have too many options to choose from when it comes to zeroing down on an SSL certificate as per the website requirement and a Certificate Authority (CA) issuing one. There are many factors like costing, features etc which need to be considered before choosing an SSL certificate and a CA. Here, we help you get acquainted with few of the major names in the CA industry: Symantec, GeoTrust, Thawte and RapidSSL.

Symantec

Symantec was established in the year 1992, since then it has evolved to become one of the leading SSL certificates’ suppliers across the world. Operating in more than 50 countries across the world, Symantec today houses around 18,500 employees. They are good at providing online security, storage and systems management solutions to support their customers who range from online consumers and small scale businesses to large global organizations. Symantec helps them secure and manage their online businesses.

Why Symantec

Many organizations and e-commerce merchants have chosen Symantec to be their first choice for SSL certificates. Here, we put together few reasons for you to have a look at:

• Outstanding Online Customer Support: Prompt 24/7 customer service is complemented by Express Renewal and 30-day money back guarantee

• Norton Secured Seal: This seal is the most trusted mark on the Internet and is viewed more than half a billion times per day across 170 countries. Symantec’s Seal-In-Search displays Norton Secured Seal next to the links

• More than a Digital Certificate: It helps drive traffic to the website and reduce abandoned transactions. Its features like Norton Security Seal, Search-In-Seal technology work in sync to assure customers that the site is safe and secured.

• Malware Scanning: Symantec SSL certificate protects your website from malware by performing daily website malware scanning
  

Products

Site Seal Importance

Symantec’s Norton Secured Seal is the most trusted mark on the Internet. It is viewed half a billion times per day across about 170 countries. It enables you to grow more traffic and maximize web sales by letting the visitors know that they are browsing and buying from a secured site. More than 40 million desktops using Norton Safe Web across the world see Norton Secured Seal next the trusted websites in the search results.

GeoTrust

Established in 2001, GeoTrust is headquartered in California, US. GeoTrust is world’s second largest digital certificate provider. Previously owned by VeriSign, today GeoTrust is owned by Symantec. More than 100,000 customers across 150 countries rely on GeoTrust to secure their online transactions and websites. Digital certificates and trust products by GeoTrust enable businesses and organizations maximize the security of any web-based transactions at cost-effective rates.

Why GeoTrust

• Quick Turnaround Time: GeoTrust helps you get an SSL certificate in real time. One can even use, manage and renew an SSL very conveniently.

• Cost-efficient: GeoTrust have a wide range of excellent quality certificates that are sold at market-low prices. Also the SAN-enabled certificates offer inexpensive and flexible multi-domain options.

• Unlimited Server Licensing: A single certificate can secure an unlimited number of servers. Re-issuing is free of cost as well.

• Diverse Options: GeoTrust houses a variety of SSL certificates that range from simple domain-validated certificates to business-boosting Extended Validated certificates with green address bar.

Products

Site Seal Importance

Customers’ anxieties and concerns tend to heighten as they submit their personal or financial information on websites. But in case of GeoTrust, all these concerns are put to rest by an assuring symbol of GeoTrust Site seal pasted on the web page. It acts like an instant proof for your customers that they are visiting a website that has a stamp of approval by leading Certificate Authorities for safe e-transactions.

It’s advisable to add these Site Seals to your home page, payment page and other such pages of website where visitors need to verify the website’s authenticity.

Thawte

Established in the year 1995 by Mark Shuttleworth in South Africa, Thawte has quickly grown into one of the most trusted Certificate Authorities. In fact, it was the first Certificate Authority to issue SSL certificates to public entities outside the US. Till date, Thawte has issued more than 945, 000 SSL certificates and code signing certificate across 240 countries.

Thawte was acquired by VeriSign in the year 2000 and continues to prosper as a separate brand. Popular among the small businesses throughout Europe and Asia, Thawte is also chosen by millions across the world for securing their web pages.

Why Thawte

• It accounts for about 40% of global market

• First to provide multi-lingual trust seals, which builds confidence in customers by verifying

• Enables more people to navigate the web safely on their own

• Advanced SSL protection that includes rigorous authentication process and strong infrastructure
  

Products

Site Seal Importance

Thawte was the first one to come up with the concept of a Multi-Lingual Site Seal which is now available in about 18 different local languages. They provide visual reassurance that Thawte has verified the site’s identity and that it’s safe to carry out transactions on that site as they are secured by SSL. The seal is displayed within 2 hours of installing.

On clicking the Trusted Seal on web pages, a seal verification page opens in a new browser window and shows the verified domain name; certificate authority that performed the authentication; and the validity period. In case of full organization validation and Extended Validation, the SSL certificate also displays the organization’s name and location.

Thawte recommends adding the seal script to secured home page, buy page, sign-in page, and all other pages in your secured domain where customers need assurance.

RapidSSL

SSL certificates by RapidSSL are an apt choice to secure small and medium sized businesses and web pages having limited traffic. RapidSSL is owned and operated by GeoTrust, Inc and is focused on providing websites of small/medium enterprises or businesses (SME) with strong protection of 128/256 bit.

RapidSSL certificates are Domain Validated (DV) and issued within few minutes. Their economical range of SSL certificates is very advantageous to SME e-commerce businesses. Their root certificates are compatible with 99% of browsers. A static trust mark of RapidSSL’s site seal is provided that can be displayed on the website along with other display cues like https URL and a closed padlock icon.

Why RapidSSL

RapidSSL’s inexpensive range of SSL certificates happens to be the principle reason behind it being chosen over other brands, especially by small and medium e-commerce websites. There are several other reasons as well which can be listed down as follows:

• Instant issuance

• Complete automated validation

• Root certificate has 99$ browser recognition

• Strong 256-bit encryption

• $10,000 warranty

Products

Site Seal Importance

RapidSSL offers all its clients to display a Site Seal on its (client’s) website. A website seal is of great importance as it ensures website trust and establishes credibility to all the potential customers visiting the website. RapidSSL decided to release an updated version of its logo in the year 2011. It’s a GIF with rotating display of ‘Secured by RapidSSL’, its encryption strength and warranty. This is an entry level certificate that would provide basic validation and authentication of your website. This certificate is perfect for you if you are looking to set up basic web presence and need an SSL certificate right away.

Conclusion

And so, choosing a Certificate Authority can get a bit confusing as there are too many factors involved that are to be taken into consideration. But ultimately the CA you end up choosing has to have the framework, product range and costing that perfectly fit websites’ security needs and your budget at the same time.

SSL Certificate Installation Guideline for Cisco Secure ACS

Cisco Secure Access Control Server is an access policy control platform which helps meet the regulatory and corporate requirements. It helps improve productivity and at the same time supports multiple scenarios like:

• It authenticates administrators, authorizes commands and provides an audit trail.
• Works efficiently with VPN and other remote network access devices to enforce access policies.
• It authenticates and authorizes wireless users and hosts.

Cisco Secure Access Control Server (ACS) uses HTTP by default for all its administrative sessions. Install an SSL certificate follow the steps given below:

Step I – Intermediate Certificate Installation

• Click on System Configuration after logging on to ACS
• Click on ACS Certificate Set-up
• Now select ACS Certification Authority Setup
• Enter the path and file name of the Intermediate certificate in CA certificate box
• Now click on Submit

Step II – Primary Certificate Installation

• Save the Primary certificate, received from your Certificate Authority (CA) as mydomain.com.cer
• Click on System Configuration and login to ACS
• Now click on ACS Certificate Setup
• Select Install ACS Certificate
• Now proceed by choosing Read certificate from file. Enter the path and file name of SSL server certificate which you saved as mydomain.com.cer. Fill out the remaining form and click Submit
• Select System Configuration > Service Control and click on Restart button

Step III – Verification

• Please Click Here to verify your newly installed SSL certificate for any error or inaccuracies, if any, occurred during the installation procedure.

If you are using the different version of CISCO ACS, then we have made it more simple for installing an SSL certificate. Check other guides of SSL installation.

• Install Certificate on the Cisco Secure ACS Appliance for PEAP Clients

SSL Certificates Installation Guideline for BEA Web Logic Web Server

BEA System’s WebLogic is one of the best e-commerce online transaction processing (OLTP) platforms. It’s a server software application which is efficiently developed to connect users in a distributed computing environment to assist the integration of mainframe applications, distributed corporate data and applications.

WebLogic server’s main features are the connectors which helps enable an inter-operation of legacy application on any client along with server applications, Enterprise JavaBean (EJB) components, resource pooling and connection sharing. This makes the applications capable enough to expand and cope with the increased use. An administration console with a user interface eases management tasks like common security features; such as, Secure Socket Layers (SSL) which make applications and transactions very secure by encrypting data transmissions with mechanisms for proper authentication and authorization.

Installing an SSL certificate properly is the best way to maintain authorization secure environment for data transmission. Here’s a step-by-step guide on how to successfully install an SSL on WebLogic.

Installation procedure for SSL Digital Certificate in WebLogic

1. First of all, download from your account the your_domain_com.p7b certificate file. It can be downloaded from the tab of “My Orders” by clicking on the order number and then the blue download link.

2. To install the certificate file to your keystore, run the following command:

keytool -import -trustcacerts -alias server -file your_domain_com.p7b -keystore your_domain.jks

A confirmation message pops up after this which reads “Certificate reply was installed in keystore” after which it asks if you want to trust the certificate, choose ‘y’ or ‘yes’.

The procedure of installing this file loads all the necessary certificates to your keystore. To use it, all you need to do is configure your server.

How to Configuring the Keystore in WebLogic

1. Expand the “Servers” node on your WebLogic server and choose the server you wish to configure.

2. After that, go to Configuration >> Key-stores and SSL
Several default key-stores or previously installed key-stores shall be displayed under ‘Keystore Configuration’.

3. Click the ‘Change…..’ link located under ‘Keystore Configuration’ to enable your new keystore.

4. Select ‘Custom Identity and Java Standard Trust’ as your keystore configuration type. Click on Continue.

5. Enter the full path to the your_domain.jks file on your server under ‘Custom Identity Keystore File Name’.

6. Choose jks for ‘Custom Identity Keystore Type’

7. The ‘Custom Identity Keystore Passphrase’ should be the password that you specified while creating the keystore.
In case you forgot the password, you will have to start the procedure of creating your keystore right from the start.

8. You will, once again be asked to enter the keystore password and confirm it.

9. Click ‘Continue’ and then Finish.

10. Now you got to go back to ‘Servers’ node and select the server you are configuring.

11. After that, go to Configuration >> Key-stores and SSL>> Click ‘Change…..’ link that lay under ‘Keystore Configuration’

12. On the page of ‘Configure SSL’ choose ‘Key Stores’ as the procedure in which identity and trust is stored for the WebLogic server.

13. Specify the ‘Private Key Alias’ and the ‘Passphrase’ which were used while creating your keystore.
‘Server’ is your alias if you are following the set of instructions mentioned here and the Keystore password is your passphrase.

14. Click Continue, then Finish
You will now have to reboot the WebLogic server.

15. Your keystore should now be installed and enabled.

Your browsers’ padlock icon should be displaying the locked position if you have successfully installed the SSL certificate.

Lighttpd SSL Certificate Installation

The followings steps make for a quickest guide to install your SSL certificate in Lighthttpd web server.

Step 1
Download your Primary and Intermediate Certificate which you have received from your Certificate Authority such as yourhostname.crt and certificateauthority.crt. Now store them on the directory of your server, where you have stored your certificate key files. Make that particular directory readable.

Step 2

Now, concatenate your certificate and key files from the following path into a single pem file and in order to do that you need running following command:

Cat yourhostname.key yourhostname.crt > yourhostname.pem

Step 3

Once, you concatenate your certificate and key file into one pem file, you need to now change it in Lighthttpd configuration file.

Open your Lighthttpd configuration file and make changes as mentioned below:

var.confdir = "/etc/lighttpd"
$SERVER["socket"] == "15.15.15.15:443" {
     ssl.engine = "enable"
     ssl.pemfile = var.confdir + "/ yourhostname.pem"
     ssl.ca-file = var.confdir + "/CertificateAuthority.crt"
     server.name = "your.hostname.com"
     server.document-root = "/my/document/root/"
}

Now, before you restart your Lighthttpd web server to authenticate SSL certificate installation, verify that /etc/lighttpd path match your certificate and key file path.

That’s it.

SSL Installation Resources

1. Check your SSL certificate installation with just one click using SSL checker tool.

SSL Checker Tool: https://www.rapidsslonline.com/ssl-tools/ssl-checker.php

SSL Certificate Installation Guideline for Apache Web Server

Are you looking for a quick and easy guide for installing an SSL certificate on your Apache Web Server?

Your search comes to an end with RapidSSLOnline, which offers world’s easiest and fastest SSL installation setup for Apache Web Server.  It helps you How to configure or install an SSL certificate on Apache Web Server without any security errors. Follow these steps for hassle-free SSL certificate installation session.

SSL Installation Guide for Apache Web Server Security

Step 1: Download your primary and RapidSSL intermediate SSL certificates, including the private key in a specific folder on the web server.

Step 2: Now, open the Apache configuration file from the location /etc/httpd using text editor. Normally, the main configuration file in Apache will be named httpd.conf. Now, you can see the <VirtualHost> blocks at the bottom of httpd.conf file. However, in some cases <VirtualHost> will be available at a specific location in the directory such as /etc/httpd/vhosts.d/ or /etc/httpd/sites/ or in a file called ssl.conf.

Step 3: Virtual Host is required in this case where a user wants to access a website in both the versions, such as https and non-https. In order to do so, you need to copy the existing virtual host and change port 80 to 443.

Step 4: Now, add necessary lines in Virtual Host

        DocumentRoot /var/www/website
        ServerName www.name-of-site.com
        SSLEngine on
        SSLCertificateFile /etc/ssl/crt/primary.crt
        SSLCertificateKeyFile /etc/ssl/crt/private.key
        SSLCertificateChainFile /etc/ssl/crt/intermediate.crt

Step 5: Now change your file’s name according to the following instruction to meet the right authentication with certificate files.

SSLCertificateFile would be the primary certificate file for yourhost name

.SSLCertificateKeyFile would be the key file generated when you produce the CSR.

SSLCertificateChainFile would be the intermediate certificate file and it would be made available by a Certificate Authority.

 
Step 6: With this, you have reached the last step of the installation session. Save the following text changes occurred in the virtual host and close the text editor.
 
Step 7: That’s It – Restart your apache web server using restart commands:

/usr/local/apache/bin/apachectl startssl

/usr/local/apache/bin/apachectl restart

Additional Resources for Apache Web Server SSL Certificate Installation

• WildCard SSL Installation on Apache +mod_SSL
• Thawte SSL Installation on Apache Server
• Video Guide: Generating a CSR on Apache Server.
• Video Guide: Installing an SSL certificate on Apache Server.