Cant install a second ssl certificate on my server

[logikstudios]

Hi. I am having trouble installing a second ssl certificate on my server. I can install it, but it does not work. When i say this i mean. If i goto xxxxx.com i will get a warning saying there is a problem with my certificate. I look at the certificate it is showing me, it is displaying my servers main certificate.

Please help.

Thanks,

 

[koolcards]

The whole subject is a little long to go into here but check your /usr/local/apache/conf/httpd.conf for the new VirtualHost container you've created for whatever you called that cert ([email protected]).

It should look something like this if it's a cert added to an existing site:


<IfDefine SSL>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin [email protected]
DocumentRoot /home/UserName/public_html/secure
BytesLog domlogs/secure.whatever.com-bytes_log
ServerName secure.whatever.com
UserDir public_html
User UserName
Group UserName
ScriptAlias /cgi-bin/ /home/UserName/public_html/secure/cgi-bin/
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.whatever.com.key
SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
SSLLogFile /usr/local/apache/domlogs/secure.whatever.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/secure.whatever.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>


if it exists, make sure apache has been restarted since it was added.

 

[Shelly]

Second SSL always point to main SSL

Hello koolcards:

I have the same problem as the first person has.

I checked my httpd.conf, only main certificate is listed, so I added the second one as you suggested above.

Then restarted http service via CPanel WHM.

BUT The problem is still there.

When go to Second https site, it still pop up a warning that say I use main certificate.

Any idea?

Please let me know.

Thanks

 

[jayh38]

I would suggest not adding the entries manually. Use the ssl manager in whm. Also keep in mind that ssl requires a dedicated IP for each certificate.

ssl/tls > Install a SSL Certificate and Setup the Domain:

Then simply paste in your crt etc. If this certificate is from another server then simply copy over the csr, key and crt files and go from there. It will find them provided they are in the proper locations. Most likely /usr/share/ssl

 

[rachelm]

umm just a thought, but the two SSL's are installed on DIFFERENT IP's right? You can only have one SSL per IP so if you install one on an IP then try to install a second one on the same IP it won't work.

 

[anoetic]

Why multiple entries?

The whole subject is a little long to go into here but check your /usr/local/apache/conf/httpd.conf for the new VirtualHost container you've created for whatever you called that cert ([email protected]).


It should look something like this if it's a cert added to an existing site:


<IfDefine SSL>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin [email protected]
DocumentRoot /home/UserName/public_html/secure
BytesLog domlogs/secure.whatever.com-bytes_log
ServerName secure.whatever.com
UserDir public_html
User UserName
Group UserName
ScriptAlias /cgi-bin/ /home/UserName/public_html/secure/cgi-bin/
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.whatever.com.key
SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
SSLLogFile /usr/local/apache/domlogs/secure.whatever.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/secure.whatever.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>

The problem I am having is that Firefox does not recognize the certifying authority. It does show all the correct info for the cert itself. I'm told that this problem is due to Firefox not getting the correct CA bundle info. So, I looked in the httpd.conf file as suggested above and discovered that there are 3 of the SSL entries for my domain. All 3 are almost identical except the first has no ca-bundle line. The second entry has the following line:


#SSLCertificateChainFile /usr/share/ssl/certs/sf_issuing.crt

The third entry has what appears to be the correct line:

SSLCACertificateFile /usr/share/ssl/certs/www.whatever.com.cabundle

I've never manually editted the htpd.conf file to add any of these entries. I've always used WHM. So, why are there 3 entries? Could this be causing my problem or are each of these necessary for some reason? Which entry is used by apache if there are multiple entries like this?

Note that the cabundle file does not have a .crt extension. Again, this is how WHM named it. Does it need a .crt extension to work?

Finally, is there a way to correct this through WHM?