Firstly when your issuance email arrives it will contain your web server certificate. Copy your web server certificate into a text editor such as notepad including the header and footer. You should then have a text file that looks like:
-----BEGIN CERTIFICATE-----
[encoded data]
-----END CERTIFICATE-----
Make sure you have 5 dashes to either side of the BEGIN CERTIFICATE and END CERTIFICATE and that no white space, extra line breaks or additional characters have been inadvertently added.
1. Create a new file consisting of your private key and your certificate file (the webserver certificate contained within the email) as below:
-----BEGIN RSA PRIVATE KEY-----
[encoded key]
-----END RSA PRIVATE KEY-----
[empty line]
-----BEGIN CERTIFICATE-----
[encoded certificate]
-----END CERTIFICATE-----
[empty line]2. Then save the file as yourcert.pem in the /etc/ssl/certs/ directory.
3. When you are setting up the SSL support you will need to access the stunnel configuration file which will probably be available at etc/stunnel/default/stunnel.conf .
4. Open the stunnel.conf and locate the following directives (they may be commented out by #). It may be necessary to add the above directives if they are not present.
verify=3
cert=/etc/ssl/certs/yourcert.pem7. Restart your web / mail service for the installation to be completed. In some instances, it may be necessary to physically restart the actual machine.
Test your certificate by using a browser to connect to your server. Use the https protocol directive (e.g. https://your server/) to indicate you wish to use secure HTTP. The padlock icon on your browser will be displayed in the locked position if your certificates are installed correctly and the server is properly configured for SSL.