How to install godaddy's ssl on apache

Question

I'm setting up a mail server for a company, I've done everything, generated csr, everything is working, I just need to add godaddy's ssl, the instructions given by godaddy aren't clear, i need some help, we have a centos dedicated server and apache, Any help on how to set it up?

By the way, the main site is hosted on another server, the mail server is used only for serving mails, we used mx records to point the mail server to the main domain, do we have to install ssl on both servers or just one?

Answer 1

So when you generated your CSR you would have specified a CN (Common Name) that corresponds to the specific hostname that you want to use the certificate for.¹ Where ever this hostname lives is where you want to install the certificate. For the sake of sane examples let's use www.example.com as the hostname for your certificate.

When you generated the CSR you would have created two files,

1. A cryptographic key
2. The CSR you shipped off to GoDaddy

So now that you have the signed certificate back from them you'll need to place the following three pieces of information on the webserver that hosts www.example.com

1. The cryptographic key generated when you made the CSR
2. The mysite.crt file provided by GoDaddy
3. The sf_bundle.crt file provided by GoDaddy

Now go to the Apache config file for the www.example.com host. You'll want to add these lines

SSLEngine on
SSLProtocol -ALL +SSLv3 +TLSv1
SSLCipherSuite ALL:!aNULL:!ADH:!eNULL:!LOW:!EXP:RC4+RSA:+HIGH:+MEDIUM

SSLCertificateFile /etc/httpd/ssl/mysite.crt
SSLCertificateKeyFile /etc/httpd/ssl/mysite.key
SSLCertificateChainFile /etc/httpd/ssl/sf_bundle.cer

Replace the paths as necessary, but just make sure you put them someplace safe with root only permissions. Restart httpd and, so long as you did everything right, it should work.

_{1: Not 100% accurate but let's ignore wildcards for the moment.}