Results 1 to 6 of 6

Thread: Cant install a second ssl certificate on my server

  1. #1
    Registered User
    Join Date
    Nov 2006
    Posts
    158

    Default Cant install a second ssl certificate on my server

    Hi. I am having trouble installing a second ssl certificate on my server. I can install it, but it does not work. When i say this i mean. If i goto xxxxx.com i will get a warning saying there is a problem with my certificate. I look at the certificate it is showing me, it is displaying my servers main certificate.

    Please help.

    Thanks,

  2. #2
    Registered Member koolcards's Avatar
    Join Date
    Oct 2003
    Location
    Tampa, Fl
    Posts
    146

    Default

    The whole subject is a little long to go into here but check your /usr/local/apache/conf/httpd.conf for the new VirtualHost container you've created for whatever you called that cert (webmaster@secure.whatever.com).

    It should look something like this if it's a cert added to an existing site:


    <IfDefine SSL>
    <VirtualHost xxx.xxx.xxx.xxx:443>
    ServerAdmin webmaster@secure.whatever.com
    DocumentRoot /home/UserName/public_html/secure
    BytesLog domlogs/secure.whatever.com-bytes_log
    ServerName secure.whatever.com
    UserDir public_html
    User UserName
    Group UserName
    ScriptAlias /cgi-bin/ /home/UserName/public_html/secure/cgi-bin/
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/secure.whatever.com.key
    SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
    SSLLogFile /usr/local/apache/domlogs/secure.whatever.com-ssl_data_log
    CustomLog /usr/local/apache/domlogs/secure.whatever.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>


    if it exists, make sure apache has been restarted since it was added.

  3. #3
    Registered User
    Join Date
    Aug 2006
    Posts
    3

    Default Second SSL always point to main SSL

    Hello koolcards:

    I have the same problem as the first person has.

    I checked my httpd.conf, only main certificate is listed, so I added the second one as you suggested above.

    Then restarted http service via CPanel WHM.

    BUT The problem is still there.

    When go to Second https site, it still pop up a warning that say I use main certificate.

    Any idea?

    Please let me know.

    Thanks

  4. #4
    Registered Member
    Join Date
    Mar 2006
    Posts
    1,215

    Default

    I would suggest not adding the entries manually. Use the ssl manager in whm. Also keep in mind that ssl requires a dedicated IP for each certificate.

    ssl/tls > Install a SSL Certificate and Setup the Domain:

    Then simply paste in your crt etc. If this certificate is from another server then simply copy over the csr, key and crt files and go from there. It will find them provided they are in the proper locations. Most likely /usr/share/ssl

  5. #5
    Registered Member This forum account has been confirmed by cPanel staff to represent a vendor.
    Join Date
    Jan 2005
    Posts
    94

    Default

    umm just a thought, but the two SSL's are installed on DIFFERENT IP's right? You can only have one SSL per IP so if you install one on an IP then try to install a second one on the same IP it won't work.

  6. #6
    Registered Member
    Join Date
    Feb 2006
    Posts
    25

    Question Why multiple entries?

    Quote Originally Posted by koolcards View Post
    The whole subject is a little long to go into here but check your /usr/local/apache/conf/httpd.conf for the new VirtualHost container you've created for whatever you called that cert (webmaster@secure.whatever.com).


    It should look something like this if it's a cert added to an existing site:


    <IfDefine SSL>
    <VirtualHost xxx.xxx.xxx.xxx:443>
    ServerAdmin webmaster@secure.whatever.com
    DocumentRoot /home/UserName/public_html/secure
    BytesLog domlogs/secure.whatever.com-bytes_log
    ServerName secure.whatever.com
    UserDir public_html
    User UserName
    Group UserName
    ScriptAlias /cgi-bin/ /home/UserName/public_html/secure/cgi-bin/
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/secure.whatever.com.key
    SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
    SSLLogFile /usr/local/apache/domlogs/secure.whatever.com-ssl_data_log
    CustomLog /usr/local/apache/domlogs/secure.whatever.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>

    The problem I am having is that Firefox does not recognize the certifying authority. It does show all the correct info for the cert itself. I'm told that this problem is due to Firefox not getting the correct CA bundle info. So, I looked in the httpd.conf file as suggested above and discovered that there are 3 of the SSL entries for my domain. All 3 are almost identical except the first has no ca-bundle line. The second entry has the following line:


    #SSLCertificateChainFile /usr/share/ssl/certs/sf_issuing.crt

    The third entry has what appears to be the correct line:

    SSLCACertificateFile /usr/share/ssl/certs/www.whatever.com.cabundle

    I've never manually editted the htpd.conf file to add any of these entries. I've always used WHM. So, why are there 3 entries? Could this be causing my problem or are each of these necessary for some reason? Which entry is used by apache if there are multiple entries like this?

    Note that the cabundle file does not have a .crt extension. Again, this is how WHM named it. Does it need a .crt extension to work?

    Finally, is there a way to correct this through WHM?

Similar Threads

  1. Cannot install ssl certificate
    By screege in forum cPanel & WHM Discussions
    Replies: 11
    Last Post: 11-27-2012, 02:32 PM
  2. How to install SSL certificate
    By LivinOnTheRoad in forum New User Questions
    Replies: 2
    Last Post: 02-14-2011, 04:17 PM
  3. Install SSL Certificate
    By d_t in forum cPanel & WHM Discussions
    Replies: 0
    Last Post: 01-31-2010, 05:31 AM
  4. Can't Install SSL Certificate
    By fluxlabs in forum cPanel & WHM Discussions
    Replies: 1
    Last Post: 09-04-2008, 03:15 AM
  5. Ssl Certificate Install ???? Help.
    By techv in forum cPanel & WHM Discussions
    Replies: 2
    Last Post: 02-16-2004, 10:46 PM
bargain