When the Certificate Authority approves your certificate request, the certificate will be sent to you. The certificate will include a server or root certificate, and may also include an intermediate certificate in the case of a certificate chain. The Certificate Authority may also issue instructions on installing the certificate within various server types. The most relevant of these instructions would be for Apache, which is the type used by MacPractice. The Apache instructions sent by the Certificate Authority may differ from the instructions below. However, the most important part of any SSL certificate installation is placing the server key, the intermediate certificate (where applicable), and the certificate in the correct folders, and editing the MacPracticeServer configuration file to point to these files using file names that exactly match the files themselves.
- server-cert.pem: This file is the server certificate, or root certificate. It is the public key in your key pair and will be placed in /Library/MacPracticeServer/Apache/Security/public.
- server-ca.crt: This file is the intermediate certificate and would only be used in the case of a certificate chain.
- server-key.pem: This file is the private key in your key pair and was created in the CSR process.
sudo chmod 644 /Library/MacPracticeServer/Apache/Security/private/server-key.pem
sudo chown _macpractice:admin /Library/MacPracticeServer/Apache/Security/private/server-key.pem
Next, edit the config file to recognize the domain of your MacPractice Server. The MacPracticeServer.conf file is located in /Library/MacPracticeServer/Apache/conf. Open this file in TextWrangler or TextEdit and look for the following lines:
- SSLCertificateFile "/Library/MacPracticeServer/Apache/Security/public/server-cert.pem"
- SSLCertificateKeyFile "/Library/MacPracticeServer/Apache/Security/private/server-key.pem"
- SSLCertificateChainFile "/Library/MacPracticeServer/Apache/conf/server-ca.crt"
#Point SSLCertificateFile at a PEM encoded certificate. If
#the certificate is encrypted, then you will be prompted for a
#pass phrase. Note that a kill -HUP will prompt again. Keep
#in mind that if you have both an RSA and a DSA certificate you
#can configure both in parallel (to also allow the use of DSA
#Server Private Key:
#If the key is not combined with the certificate, use this
#directive to point at the key file. Keep in mind that if
#you've both a RSA and a DSA private key you can configure
#both in parallel (to also allow the use of DSA ciphers, etc.)
#Server Certificate Chain:
#Point SSLCertificateChainFile at a file containing the
#concatenation of PEM encoded CA certificates which form the
#certificate chain for the server certificate. Alternatively
#the referenced file can be the same as SSLCertificateFile
#when the CA certificates are directly appended to the server
#certificate for convenience.
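A check that can be run before restarting Apache, added here as an example and not part of MacPractice's instructions: it reads the active SSLCertificateFile, SSLCertificateKeyFile and SSLCertificateChainFile directives from a config file, confirms that each named file exists under exactly that name, and notes when the key file is readable by all local users (which mode 644 permits). The function name check_ssl_paths and the temporary demo files are assumptions made for the example.

```shell
# Added example (not MacPractice code).
# check_ssl_paths CONF: prints one status line per directive and returns the
# number of problems found (0 means every configured file is present).
check_ssl_paths() {
    conf=$1; problems=0
    for directive in SSLCertificateFile SSLCertificateKeyFile SSLCertificateChainFile; do
        # Last uncommented occurrence wins; strip the optional double quotes.
        path=$(awk -v d="$directive" '
            $1 == d { sub(/^[ \t]*[^ \t]+[ \t]+/, ""); gsub(/^"|"[ \t]*$/, ""); p = $0 }
            END { print p }' "$conf")
        if [ -z "$path" ]; then
            if [ "$directive" = SSLCertificateChainFile ]; then
                echo "NOTSET  $directive (only needed with a certificate chain)"
            else
                echo "NOTSET  $directive"; problems=$((problems + 1))
            fi
        elif [ ! -f "$path" ]; then
            echo "MISSING $directive $path"; problems=$((problems + 1))
        elif [ "$directive" = SSLCertificateKeyFile ] &&
             [ -n "$(find "$path" -prune -perm -004 -print)" ]; then
            echo "OK      $directive $path (key is readable by all local users)"
        else
            echo "OK      $directive $path"
        fi
    done
    return "$problems"
}

# Constructed demo: a throwaway config whose key path has a typo in the file name.
demo=$(mktemp -d)
touch "$demo/server-cert.pem" "$demo/server-key.pem"
cat > "$demo/MacPracticeServer.conf" <<EOF
#SSLCertificateFile "/old/commented/out.pem"
SSLCertificateFile "$demo/server-cert.pem"
SSLCertificateKeyFile "$demo/server_key.pem"
EOF
check_ssl_paths "$demo/MacPracticeServer.conf" || echo "problems found: $?"
rm -rf "$demo"
```

To check the real configuration, call check_ssl_paths /Library/MacPracticeServer/Apache/conf/MacPracticeServer.conf.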
To complete the process, restart Apache on the MacPractice Server with the following Terminal command:
sudo /Library/MacPracticeServer/Apache/bin/apachectl restart
Once the server has restarted, open /Library/MacPracticeServer/Apache/logs/error_log and look for entries timestamped after the restart. If any of these entries report that there is not a match, check that the correct certificate has been installed and that the domain name matches the certificate, the .conf file, and your DNS setup. Entries reporting a mismatch may look like the following:
[Wed Sep 28 14:50:06 2011] [warn] RSA server certificate CommonName (CN) `localhost' does NOT match server name!?
[Wed Sep 28 14:50:06 2011] [warn] RSA server certificate CommonName (CN) `*.yourdomain.com' does NOT match server name!?