Client's SSL certificate suddenly invalid?

junglecat

Well-Known Member
Jul 6, 2004
168
0
166
WHM 10.8.0 cPanel 10.8.2-R119
Fedora i686 - WHM X v3.1.0

I searched the forums and didn't find this one. A client uses a SSL cert for her site. I installed it for her several months ago and no issues until now.

For the last several days, when you visit the client's site, you get a popup saying Website certified by an unknown authority.

The client contacted the cert issuer and they said the problem is on the server end. I tried reinstalling and the server says the certificate is invalid.

I rebuilt apache and that didn't help. How can I troubleshoot this?
 

sfxx

Member
May 31, 2003
22
0
151
Make sure what the popup error says.
I guess the error is either related to
-hostname
-Expiration date


Does it say it's expired?
Or, are you accessing the site with the correct hostname?
(if the cert is obtained with a hostname "www.domain.tld", you get error if you access the site with an URL "domain.tld" with out "www")

Hope this helps.
 

junglecat

Well-Known Member
Jul 6, 2004
168
0
166
It's not expired. I've gone to the site with and without the www and the same thing happens.

Here is what it says:




When you click examine certificate, this is what comes up:




 

astopy

Well-Known Member
Apr 3, 2003
166
0
166
cPanel Access Level
Root Administrator
I'm having exactly the same problem with my certificate for WHM/cPanel. Since I updated to cPanel 10.8.2 the other day, firefox complains that it doesn't recognise the certifying authority. However, it has no problem with another cert on another (non-cpanel) server from the same authority.
 

jester.ro

Well-Known Member
PartnerNOC
Feb 6, 2004
303
0
166
Bucharest, Romania
cPanel Access Level
DataCenter Provider
well, it seems normal to me?

is gpt-pal.com a trusted issuer for certificates?

That looks like a self-signed certificate. For a certificate to not give that warning, the issuer has to be listed in firefox as a trusted certification authority (like geotrust, verisign, equifax)

The issuer has to be a trusted authority.
 

junglecat

Well-Known Member
Jul 6, 2004
168
0
166
jester.ro said:
well, it seems normal to me?

is gpt-pal.com a trusted issuer for certificates?

That looks like a self-signed certificate. For a certificate to not give that warning, the issuer has to be listed in firefox as a trusted certification authority (like geotrust, verisign, equifax)

The issuer has to be a trusted authority.
Why was it working for months and then suddenly not working? What exactly is a "self signed" certificate. The certificate was purchased from a trusted issuer.
 

sfxx

Member
May 31, 2003
22
0
151
I don't know why it was working fine, but "self signed" certificate is a cert you create on your own.(For example, you can create one with WHM).
If you have purchased one from a trusted authority, try re-installing the cert.
 

junglecat

Well-Known Member
Jul 6, 2004
168
0
166
sfxx said:
I don't know why it was working fine, but "self signed" certificate is a cert you create on your own.(For example, you can create one with WHM).
If you have purchased one from a trusted authority, try re-installing the cert.
As I said in my first post, I tried reinstalling and the server says the certificate is invalid.
The company that issued the certificate says the problem is on the server end.
 

sfxx

Member
May 31, 2003
22
0
151
You should make sure that the cert file "/usr/share/ssl/certs/doman.crt" is actually updated.
And restart httpd.
 

junglecat

Well-Known Member
Jul 6, 2004
168
0
166
sfxx said:
You should make sure that the cert file "/usr/share/ssl/certs/doman.crt" is actually updated.
And restart httpd.
/usr/share/ssl/certs/domain.crt doesn't exist. Where else would I look for domain.crt ?