How To Set Up An SSL Vhost Under Apache2 On Ubuntu 9.10/Debian Lenny - Page 3

7 Configure Firefox To Trust (Optional)

If you use a certificate, your browser most likely doesn't trust this certificate and will show a warning. This chapter explains how you can import the root certificate into Firefox so that it won't show this warning anymore (please read for other browsers like MSIE, Safari or Opera).

Please note that if you run an e-commerce web site, you should better buy a certificate from a trusted CA because you can't ask all your visitors to reconfigure their browsers.

Please visit and click on the Root Certificate (PEM Format) link (

The Downloading Certificate dialogue opens. Click on View to examine the certificate:

Please make sure that the fingerprints are as follows:

SHA1 Fingerprint: 135C EC36 F49C B8E9 3B1A B270 CD80 8846 76CE 8F33
MD5 Fingerprint: A6:1B:37:5E:39:0D:9C:36:54:EE:BD:20:31:46:1F:6B

Click on Close afterwards:

Next check Trust this CA to identify web sites. and click on OK:

Now go to Tools > Options...

... and then to Advanced > Encryption. Click on Revocation Lists:

The Manage CRLs window opens. Click on Import...:

Fill in the following URL and click on OK:

After a few moments you should see the following message. Click on Yes to enable automatic updates:

Check Enable Automatic Update for this CRL and click on OK:

That's it. You should now be able to go to your SSL vhost without getting a browser warning:


8 Links

Share this page:

4 Comment(s)

Add comment


From: at: 2011-06-12 21:26:18

Falko, a well-written article which solved a weekend of frustration configuring Apache2 with an SSL certificate. I decided to subscribe to HowtoForge based solely on the high quality of your article.

 How can I download the Adobe PDF version of this article?

From: Julia Sifers at: 2011-07-08 22:55:05

For a site that accepts both http and https connections, do I need two virtual host files? So for instance, similar to "default" and "default-ssl," would I create "mysite" and "mysite-ssl" and then enable both of these? OR do I just need the "mysite-ssl" virtual host file?

From: at: 2012-03-07 16:03:12

This was the best tutorial on this subject that I came across. I joined this forum because of it.

  For it to work with Oneiric Ubuntu you need to 


SSLCertificateFile /etc/ssl/certs/ 


SSLCertificateFile  /etc/ssl/private/

From: Anonymous at: 2013-11-25 19:14:00

Excellent Howto! Worked for me like a charm. Thanks.