SSL cert problems

[erinspice]

When you go to my website using https, you get a popup that says "certificate authority might be unknown, certificate might be expired, server configuration might be incorrect." The website shows up correctly if you choose to accept the cert though. My cert was installed through WHM. and WHM said it works. Through cPanel under SSL manager, my CSR, key, and crt all have the same modulus, and my crt doesn't exipre until Jan 12 19:59:47 2008 GMT.

Do you know what the problem could be? Server config looks like this:

Code:

<IfDefine SSL>
<VirtualHost 11.22.33.44:443>
ServerAdmin webmaster@domain.net
DocumentRoot /home/username/public_html
BytesLog domlogs/domain.net-bytes_log
User username
Group username
ServerName domain.net
UserDir public_html

User username
Group username
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.net.key
SSLLogFile /usr/local/apache/domlogs/domain.net-ssl_data_log
CustomLog /usr/local/apache/domlogs/domain.net-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>

[partsace]

Where did you get your cert from? Most of the time, the bottom box will need a bundle.crt to be installed for most browser to know who issued it.

Scott

[erinspice]

Yeah, I had a cabundle.

[Nic]

SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.net.key

Where is ca-bundle?
You should try to install it manually via shell.

[Arcie]

SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.net.key

Where is ca-bundle?
You should try to install it manually via shell.

I'm having the exact same problem. I'd be happy to add a reference to the ca-bundle, which I have confirmed does exist in /usr/share/ssl/certs/, but how -- exactly -- do I add a reference to it in httpd.conf?

And to confuse things even more, my secure site's VirtualHost entry doesn't reference the certs at all -- and I know they're there (and work -- with that annoying error to the user):

Code:

ServerAlias www.secure.my-domain.com secure.my-domain.com
ServerAdmin webmaster@secure.my-domain.com
DocumentRoot /home/secure/public_html
ServerName www.secure.my-domain.com
User secure
Group secure
CustomLog domlogs/secure.my-domain.com combined
ScriptAlias /cgi-bin/ /home/secure/public_html/cgi-bin/

You'd think this would be a common enough problem that the Code Warriors would fix this -- I searched and found a lot of problems posted, but no actual solutions have been offered....

*sigh*

[Arcie]

First, the quick answer to my own question:

Code:

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.my-domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.my-domain.com.key
SSLCACertificateFile /usr/share/ssl/certs/secure.my-domain.com.cabundle

OK, so how did I figure this out, AND solve the bundle problem (browsers were showing warnings) with my GoDaddy cert?

I *removed* the cert from my server completely (which caused all requests to the site to fail, but such is life for a little while), and then reinstalled it from scratch. Loading the new cert on top of the old one simply didn't work -- tried that many times. But wiping out the cert in WHM and then installing it again worked fine. Whew! Hope that helps others.

[kipper3d]

You must create CSR and install SSL certificates in shell.

SSL has not worked in cpanel or WHM for as long as I can remember. I dont know why the heck they cant fix this!!!

CPANEL FIX THE SSL ISSUES FOR ONCE!

[Arcie]

You must create CSR and install SSL certificates in shell.

SSL has not worked in cpanel or WHM for as long as I can remember. I dont know why the heck they cant fix this!!!

CPANEL FIX THE SSL ISSUES FOR ONCE!

I have not had an issue with that. I created my CSRs and installed the certs via WHM, with only the problem discussed and the solution I posted.

[bmcpanel]

Also, remember if you are using a GoDaddy chained ssl (TurboSSL), you must reference the bundle that comes with the cert.

1. Insert the bundle file somewhere on your server. You can place it wherever you wish. I place mine in.....

/usr/share/ssl/certs/gd_bundle.crt

2. Open the Apache httpd.conf file and add the following directives:

* SSLCertificateFile /path to certificate file/your issued certificate
* SSLCertificateKeyFile /path to key file/your key file
>>* SSLCertificateChainFile /usr/share/ssl/certs/gd_bundle.crt

Make sure the SSLCertificateChainFile correctly points to the path of the gd_bundle.crt file

3. Restart httpd

Voila!