1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cant install a second ssl certificate on my server

Discussion in 'General Discussion' started by logikstudios, Aug 26, 2007.

  1. logikstudios

    logikstudios New Member

    Joined:
    Nov 2, 2006
    Messages:
    158
    Likes Received:
    0
    Trophy Points:
    0
    Hi. I am having trouble installing a second ssl certificate on my server. I can install it, but it does not work. When i say this i mean. If i goto xxxxx.com i will get a warning saying there is a problem with my certificate. I look at the certificate it is showing me, it is displaying my servers main certificate.

    Please help.

    Thanks,
     
  2. koolcards

    koolcards Member

    Joined:
    Oct 8, 2003
    Messages:
    146
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Tampa, Fl
    The whole subject is a little long to go into here but check your /usr/local/apache/conf/httpd.conf for the new VirtualHost container you've created for whatever you called that cert (webmaster@secure.whatever.com).

    It should look something like this if it's a cert added to an existing site:


    <IfDefine SSL>
    <VirtualHost xxx.xxx.xxx.xxx:443>
    ServerAdmin webmaster@secure.whatever.com
    DocumentRoot /home/UserName/public_html/secure
    BytesLog domlogs/secure.whatever.com-bytes_log
    ServerName secure.whatever.com
    UserDir public_html
    User UserName
    Group UserName
    ScriptAlias /cgi-bin/ /home/UserName/public_html/secure/cgi-bin/
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/secure.whatever.com.key
    SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
    SSLLogFile /usr/local/apache/domlogs/secure.whatever.com-ssl_data_log
    CustomLog /usr/local/apache/domlogs/secure.whatever.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>


    if it exists, make sure apache has been restarted since it was added.
     
  3. Shelly

    Shelly New Member

    Joined:
    Aug 19, 2006
    Messages:
    3
    Likes Received:
    0
    Trophy Points:
    1
    Second SSL always point to main SSL

    Hello koolcards:

    I have the same problem as the first person has.

    I checked my httpd.conf, only main certificate is listed, so I added the second one as you suggested above.

    Then restarted http service via CPanel WHM.

    BUT The problem is still there.

    When go to Second https site, it still pop up a warning that say I use main certificate.

    Any idea?

    Please let me know.

    Thanks
     
  4. jayh38

    jayh38 Active Member

    Joined:
    Mar 3, 2006
    Messages:
    1,215
    Likes Received:
    0
    Trophy Points:
    36
    I would suggest not adding the entries manually. Use the ssl manager in whm. Also keep in mind that ssl requires a dedicated IP for each certificate.

    ssl/tls > Install a SSL Certificate and Setup the Domain:

    Then simply paste in your crt etc. If this certificate is from another server then simply copy over the csr, key and crt files and go from there. It will find them provided they are in the proper locations. Most likely /usr/share/ssl
     
  5. rachelm

    rachelm Member

    Joined:
    Jan 26, 2005
    Messages:
    94
    Likes Received:
    1
    Trophy Points:
    8
    umm just a thought, but the two SSL's are installed on DIFFERENT IP's right? You can only have one SSL per IP so if you install one on an IP then try to install a second one on the same IP it won't work.
     
  6. anoetic

    anoetic New Member

    Joined:
    Feb 5, 2006
    Messages:
    25
    Likes Received:
    0
    Trophy Points:
    1
    Why multiple entries?

    The problem I am having is that Firefox does not recognize the certifying authority. It does show all the correct info for the cert itself. I'm told that this problem is due to Firefox not getting the correct CA bundle info. So, I looked in the httpd.conf file as suggested above and discovered that there are 3 of the SSL entries for my domain. All 3 are almost identical except the first has no ca-bundle line. The second entry has the following line:


    #SSLCertificateChainFile /usr/share/ssl/certs/sf_issuing.crt

    The third entry has what appears to be the correct line:

    SSLCACertificateFile /usr/share/ssl/certs/www.whatever.com.cabundle

    I've never manually editted the htpd.conf file to add any of these entries. I've always used WHM. So, why are there 3 entries? Could this be causing my problem or are each of these necessary for some reason? Which entry is used by apache if there are multiple entries like this?

    Note that the cabundle file does not have a .crt extension. Again, this is how WHM named it. Does it need a .crt extension to work?

    Finally, is there a way to correct this through WHM?
     

Share This Page