1. Save the certificate you obtain from GlobalSign, in a file called 'myserver.cert'. This file is PEM encoded. ./stronghold/ssl/certs/myserver.mydomain.be.cert 2. You must then install the root cerificate. 3. Stronghold also needs to have access to the chain of certificates of the CA (certificate authority) that signed the certificate. These certificates are placed by GlobalSign in a file that contains several PEM encoded certificates : ./stronghold/ssl/CA/client-rootcerts.pem If the file client-rootcerts.pem does not contain the GlobalSign certificates, then append the following to the file : Bag Attributes friendlyName: GlobalSign Class 3 CA - GlobalSign nv-sa subject=/C=BE/O=GlobalSign nv-sa/OU=Class 3 CA/CN=GlobalSign Class 3 CA issuer= /C=BE/O=GlobalSign nv-sa/OU=Primary Class 3 CA/CN=GlobalSign Primary Class 3 CA -----BEGIN CERTIFICATE----- MIIDRDCCAiygAwIBAgILAgAAAAAA1ni66wEwDQYJKoZIhvcNAQEEBQAwbTELMAkG A1UEBhMCQkUxGTAXBgNVBAoTEEdsb2JhbFNpZ24gbnYtc2ExGzAZBgNVBAsTElBy aW1hcnkgQ2xhc3MgMyBDQTEmMCQGA1UEAxMdR2xvYmFsU2lnbiBQcmltYXJ5IENs YXNzIDMgQ0EwHhcNOTkwMTI4MTIwMDAxWhcNMDQwMTI4MTIwMDAwWjBdMQswCQYD VQQGEwJCRTEZMBcGA1UEChMQR2xvYmFsU2lnbiBudi1zYTETMBEGA1UECxMKQ2xh c3MgMyBDQTEeMBwGA1UEAxMVR2xvYmFsU2lnbiBDbGFzcyAzIENBMIGfMA0GCSqG SIb3DQEBAQUAA4GNADCBiQKBgQCgps41diJSRm/sLIlAUX/NUz22yDq+ZnSniroU lWM7l+Ritno/AT/Ee2ivQ/mRK8VXlf/iIEfxR/PLWNmHsdq7iS2hWBFa1AFki+oR aby6YSS+UVM7X3srt9lpWiMOgTvkz96k9UOHJMnrFW0OFRg8aPqavdjsyVYsi0ng zZt8LwIDAQABo3kwdzAOBgNVHQ8BAf8EBAMCAAYwHQYDVR0OBBYEFIHJewPSF0lj RyL5CSJ1QYXyLv8SMB8GA1UdIwQYMBaAFMw2zBe0RZEv7c87MEh3+7UUmb7jMBEG CWCGSAGG+EIBAQQEAwIABjASBgNVHRMBAf8ECDAGAQH/AgEAMA0GCSqGSIb3DQEB BAUAA4IBAQB3oSPt4fK8UrpeS8PGsZ3mDa1+M5uHbUgkTqdNbZunEERYts9mHqGV cwit70GwgiPSoPYzy0+2nfdXprEa2I6F60fONST3yeiRSrrKiTWazt9qTx+nusQM hfBLZb/4HElFPGo8kPx4AERTPB+3m2GVl3b362mqDBYZg/IOoOLRRha5AV9D2dzG ReSgrdN2XqXGPcFGYREdL9w9Gx63drzvrJWLFEzDEyIepjVsV69jgdDh1H1k+70T i59x87RojaAorrePnIUUQQ7oUIyXEJpoTb5BJJE6cxMVanCrneBcRHNpQKaBBjhL RgJd8fD0YMTlkPuAAYQsc87RkGM3AlRq -----END CERTIFICATE----- Certificate: Data: Version: 3 (0x2) Serial Number: 02:00:00:00:00:00:d6:78:b9:1c:54 Signature Algorithm: md5WithRSAEncryption Issuer: C=BE, O=GlobalSign nv-sa, OU=Root CA, CN=GlobalSign Root CA Validity Not Before: Jan 28 12:00:00 1999 GMT Not After : Jan 28 12:00:00 2009 GMT Subject: C=BE, O=GlobalSign nv-sa, OU=Primary Secure Server CA, CN=GlobalSign Primary Secure Server CA Subject Public Key Info: Public Key Algorithm: rsaEncryption RSA Public Key: (2048 bit) Modulus (2048 bit): 00:f6:6a:ed:a8:6b:30:a3:2d:ac:e9:42:9e:18:35: c0:1e:f7:6f:74:cb:b7:42:24:53:ad:31:cb:ef:a5: c9:c5:3d:03:5e:a5:9d:76:cd:19:e2:e1:16:2d:a4: 2d:44:20:f1:1a:1f:f7:7d:60:cd:a6:c7:15:a9:ab: 8a:a2:c9:66:6c:dd:10:a3:d8:9b:77:29:ee:a6:40: cd:2f:34:36:7f:a3:17:05:0b:cb:58:a5:22:a6:7c: 35:e6:8d:5d:a1:53:c2:9a:c5:da:5d:fe:d8:0e:7d: 3b:22:97:52:2c:dd:b2:3c:0b:90:dc:05:fd:b2:e5: 0a:55:1e:5d:9e:62:fb:7f:e3:b8:96:f4:9f:26:ac: a2:5c:84:d9:82:ba:e0:e8:f5:95:6e:04:0a:96:64: 49:a3:0f:9e:83:a9:63:e7:c9:21:99:6b:a0:16:91: 25:c8:14:d9:bd:dc:ec:3c:77:53:47:56:43:84:7e: d6:63:e5:e3:28:af:3c:4f:c0:7d:b4:18:f6:d7:be: 57:0b:89:db:d6:c1:83:92:92:e3:9c:30:d1:59:4c: a5:71:90:5f:86:07:70:e8:4e:94:14:c9:f2:4e:a3: 80:c2:5a:11:a9:e8:e8:e2:bc:02:9c:bf:38:4d:7a: da:3c:51:63:ee:bc:f8:7c:51:7e:a0:b8:e0:48:a9: af:ad Exponent: 65537 (0x10001) X509v3 extensions: X509v3 Key Usage: critical Certificate Sign, CRL Sign X509v3 Subject Key Identifier: D1:66:83:F5:89:5E:D0:BE:7F:61:D2:DD:A8:CA:FA:2B:7A:4A:7F:31 X509v3 Authority Key Identifier: keyid:60:7B:66:1A:45:0D:97:CA:89:50:2F:7D:04:CD:34:A8:FF:FC:FD:4B X509v3 Basic Constraints: critical CA:TRUE Signature Algorithm: md5WithRSAEncryption