Can't install a second SSL certificate on my server

logikstudios

Well-Known Member
Nov 2, 2006
Hi. I am having trouble installing a second SSL certificate on my server. I can install it, but it does not work. When I say this, I mean: if I go to xxxxx.com I will get a warning saying there is a problem with my certificate. I look at the certificate it is showing me, and it is displaying my server's main certificate.

Please help.

Thanks,
 

koolcards

Well-Known Member
Oct 8, 2003
Tampa, Fl
The whole subject is a little long to go into here but check your /usr/local/apache/conf/httpd.conf for the new VirtualHost container you've created for whatever you called that cert ([email protected]).

It should look something like this if it's a cert added to an existing site:


<IfDefine SSL>
<VirtualHost xxx.xxx.xxx.xxx:443>
ServerAdmin [email protected]
DocumentRoot /home/UserName/public_html/secure
BytesLog domlogs/secure.whatever.com-bytes_log
ServerName secure.whatever.com
UserDir public_html
User UserName
Group UserName
ScriptAlias /cgi-bin/ /home/UserName/public_html/secure/cgi-bin/
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.whatever.com.key
SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
SSLLogFile /usr/local/apache/domlogs/secure.whatever.com-ssl_data_log
CustomLog /usr/local/apache/domlogs/secure.whatever.com-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>


If it exists, make sure Apache has been restarted since it was added.
 

Shelly

Registered
Aug 19, 2006
Second SSL always points to main SSL

Hello koolcards:

I have the same problem as the first person has.

I checked my httpd.conf; only the main certificate is listed, so I added the second one as you suggested above.

Then I restarted the http service via cPanel WHM.

BUT the problem is still there.

When I go to the second https site, it still pops up a warning that says I use the main certificate.

Any idea?

Please let me know.

Thanks
 

jayh38

Well-Known Member
Mar 3, 2006
I would suggest not adding the entries manually. Use the SSL manager in WHM. Also keep in mind that SSL requires a dedicated IP for each certificate.

ssl/tls > Install a SSL Certificate and Setup the Domain:

Then simply paste in your crt etc. If this certificate is from another server, then simply copy over the csr, key and crt files and go from there. It will find them provided they are in the proper locations, most likely /usr/share/ssl
 

rachelm

Well-Known Member
Verified Vendor
Jan 26, 2005
Umm, just a thought, but the two SSLs are installed on DIFFERENT IPs, right? You can only have one SSL per IP, so if you install one on an IP and then try to install a second one on the same IP, it won't work.
 

anoetic

Active Member
Feb 5, 2006
Why multiple entries?

The problem I am having is that Firefox does not recognize the certifying authority. It does show all the correct info for the cert itself. I'm told that this problem is due to Firefox not getting the correct CA bundle info. So, I looked in the httpd.conf file as suggested above and discovered that there are 3 of the SSL entries for my domain. All 3 are almost identical except the first has no ca-bundle line. The second entry has the following line:


#SSLCertificateChainFile /usr/share/ssl/certs/sf_issuing.crt

The third entry has what appears to be the correct line:

SSLCACertificateFile /usr/share/ssl/certs/www.whatever.com.cabundle

I've never manually edited the httpd.conf file to add any of these entries. I've always used WHM. So, why are there 3 entries? Could this be causing my problem or are each of these necessary for some reason? Which entry is used by Apache if there are multiple entries like this?

Note that the cabundle file does not have a .crt extension. Again, this is how WHM named it. Does it need a .crt extension to work?

Finally, is there a way to correct this through WHM?
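
Added example (not from any poster in this thread): a small Python audit for the three conditions discussed above, namely several SSL VirtualHosts sharing one IP (the one-certificate-per-IP point), repeated entries for the same ServerName, and entries with no active CA bundle or chain directive. The httpd.conf fragment is constructed sample data using documentation-range addresses, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample httpd.conf fragment; addresses are from the documentation range.
SAMPLE_CONF = """
<VirtualHost 192.0.2.10:443>
ServerName www.main-site.example
SSLCertificateFile /usr/share/ssl/certs/www.main-site.example.crt
SSLCACertificateFile /usr/share/ssl/certs/ca-bundle.crt
</VirtualHost>
<VirtualHost 192.0.2.10:443>
ServerName secure.whatever.com
SSLCertificateFile /usr/share/ssl/certs/secure.whatever.com.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
ServerName www.whatever.com
SSLCertificateFile /usr/share/ssl/certs/www.whatever.com.crt
#SSLCertificateChainFile /usr/share/ssl/certs/sf_issuing.crt
</VirtualHost>
<VirtualHost 192.0.2.11:443>
ServerName www.whatever.com
SSLCertificateFile /usr/share/ssl/certs/www.whatever.com.crt
SSLCACertificateFile /usr/share/ssl/certs/www.whatever.com.cabundle
</VirtualHost>
"""
VHOST_RE = re.compile(r"<VirtualHost\s+(\S+):443>(.*?)</VirtualHost>", re.S | re.I)
CA_DIRECTIVES = {"sslcacertificatefile", "sslcertificatechainfile"}

def parse_ssl_vhosts(conf):
    """Return one dict per port-443 VirtualHost; commented-out lines are skipped."""
    vhosts = []
    for ip, body in VHOST_RE.findall(conf):
        pairs = (line.split(None, 1) for line in body.splitlines())
        d = {p[0].lower(): p[1].strip() for p in pairs
             if len(p) == 2 and not p[0].startswith("#")}
        vhosts.append({"ip": ip, **d})
    return vhosts

def audit(conf):
    """Flag shared SSL IPs, duplicate entries, and vhosts with no CA bundle line."""
    by_ip, findings = defaultdict(list), []
    for v in parse_ssl_vhosts(conf):
        by_ip[v["ip"]].append(v.get("servername", "?"))
        if not v.keys() & CA_DIRECTIVES:
            findings.append(("no-ca-bundle", v["ip"], v.get("servername", "?")))
    for ip, names in by_ip.items():
        if len(set(names)) > 1:  # different sites (and certificates) on one IP
            findings.append(("shared-ip", ip, tuple(sorted(set(names)))))
        findings += [("duplicate-entry", ip, n)
                     for n in sorted(set(names)) if names.count(n) > 1]
    return findings
```

Calling `audit(open("/usr/local/apache/conf/httpd.conf").read())` runs the same checks against the file path mentioned in the thread; each finding is a tuple of kind, IP, and the affected ServerName(s).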