Complete guide to get XRAMP and others certificates fully work without a problem

**Misiek** · 07-11-2006 03:19 PM

I wrote this guide because i've seen that there are many people with problems like mine so let's go

When we get ssl certificate from for example xramp or other company which requires cabundle we do what follows :

INSTALLING SSL CERTIFICATE FOR CPANEL AND WHM :

Step one :
Go to
cd /usr/local/cpanel/etc/
cp cpanel.pem cpanel.pem.backup

Create a file called cpanel.pem which have inside the ssl certificate and ssl private key and copy it into this folder.

The certificate is still no valid because of incorrect ca so we do what follows :
cd /usr/local/cpanel/etc/
cp mycpanel.cabundle mycpanel.cabundle.backup

Rename SSLbundle.crt from xramp or any other ca file to mycpanel.cabundle and copy it to this folder

Do : service cpanel restart
If u get Starting SSL certificate [failed] go here

http://forums.cpanel.net/showthread....tarting+failed

And thats it now we have a working certificate for cpanel and WHM

INSTALLING SSL CERTIFICATE FOR POP AND SMTP

This was for me the hardest part because of errors and incompatibilities

Let's go :

For courier-imap users

First we will do pop3 certificate so

insert sslbundle.crt from xramp or other company into /etc/ssl/

copy your pem file which contains ssl certificate and key to /etc/ssl/private and name it ca.pem for example

Go to /usr/lib/courier-imap/etc

Edit file pop3d-ssl

Change that :
TLS_CERTIFICATE=/etc/ssl/private/ca.pem
TLS_TRUSTCERTS=/etc/ssl/sslbundle.crt

save and exit

Edit imapd-ssl

Change that :

TLS_CERTIFICATE=/etc/ssl/private/ca.pem
TLS_TRUSTCERTS=/etc/ssl/sslbundle.crt

Save and exit

now do :
service courier-imap restart

LAST THING EXIM

edit /etc/exim.conf

tls_certificate = /etc/exim.pem <- this file should be provided form xramp or any other company IMPORTANT chmod 644 /etc/exim.pem

tls_privatekey = /etc/exim.key <- this file should contain RSA PRIVATE KEY
And finally
service exim restart

We should have ssl on whole server

If you have any suggestions write it here !

**bradandersen** · 09-14-2006 08:32 PM

Thank you!

keywords:

change cpanel/whm ssl certificate
modify cpanel ssl certificate
reset cpanel ssl certificate
update cpanel ssl certificate

**ffeingol** · 09-15-2006 09:27 AM

Originally Posted by Misiek

INSTALLING SSL CERTIFICATE FOR CPANEL AND WHM :

Step one :
Go to
cd /usr/local/cpanel/etc/
cp cpanel.pem cpanel.pem.backup

Create a file called cpanel.pem which have inside the ssl certificate and ssl private key and copy it into this folder.

The certificate is still no valid because of incorrect ca so we do what follows :
cd /usr/local/cpanel/etc/
cp mycpanel.cabundle mycpanel.cabundle.backup

Rename SSLbundle.crt from xramp or any other ca file to mycpanel.cabundle and copy it to this folder

No offense, but I think your really doing this the hard way. When you go to add the cert for WHM there are three text entry areas:

1) "Past the entire .crt file here:" (you put your cert in here)
2) "Paste the entire .key file here:" (this one normally auto fills in)
3) "Paste the cabundle here (optional):"

#3 is there you paste in the ca bundle that you get from Xramp. That will then get automagically meerged into the cabundle for WHM. You may still ahve to go through the manual stunnel restart, but that is another issue.

Frank

**flash7** · 10-05-2006 01:07 PM

Originally Posted by Misiek

LAST THING EXIM

edit /etc/exim.conf

tls_certificate = /etc/exim.pem <- this file should be provided form xramp or any other company IMPORTANT chmod 644 /etc/exim.pem

tls_privatekey = /etc/exim.key <- this file should contain RSA PRIVATE KEY
And finally
service exim restart

We should have ssl on whole server

If you have any suggestions write it here !

Are you sure?
Because in my exim.conf tls_certificate = /etc/exim.crt and chmod is 600 !!!

**Misiek** · 10-05-2006 01:37 PM

Yep definatly it must be done like i said

**flash7** · 10-05-2006 01:41 PM

Ok, but /etc/exim.pem doesn't exist on my server

**Misiek** · 10-05-2006 04:54 PM

exim.pem is a file which Xramp gave you, just rename xxx.pem to exim.pem and thats all

**hekri** · 01-31-2007 09:27 AM

Everything is ok but SSL dont work pop3, smtp, imap in the bat mail program, program tells:

>2007-01-31, 15:25:35: FETCH - Certificate S/N: 7149FF7482F1B, algorithm: RSA (1024 bits), issued from 30.01.2007 to 30.01.2008, for 1 host(s): name.myserver.com.
>2007-01-31, 15:25:35: FETCH - Owner: Domain Control Validated, PositiveSSL, name.myserver.com.
>2007-01-31, 15:25:35: FETCH - Issuer: GB, Greater Manchester, Salford, Comodo CA Limited, PositiveSSL CA.
!2007-01-31, 15:25:35: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
2007-01-31, 15:25:36: FETCH - TLS handshake complete
2007-01-31, 15:25:36: FETCH - connected to POP3 server

In Outlook express and tunderbird seems to be working ok, but why not with the bat? Option add certificate to the trusters isnt active

**Misiek** · 01-31-2007 02:37 PM

You sure you have correct sslbundle.crt

**hekri** · 01-31-2007 03:56 PM

I spend couple hours and have effect, fint in the comodo.com top certificate owner that was not added to the ca-bundle i add it manually to cabundle and now the bat see that i could add certificate to the trusted certificates (positive SSL ca-bunde file bug

LinkBack

Thread Tools

Complete guide to get XRAMP and others certificates fully work without a problem

Change CPanel / WHM SSL Certificate

WHM not working after complete installation

not working after complete installation

complete guide in pdf?

Guide to Installıng Cpanel - A Guide for dummies

exim is showing as failed in WHM but its fully working