Comodo Instant SSL + WHM Problem

2fangs

Member
Jul 7, 2004
6
0
151
Ok, here it goes.

I've got a premium SSL from Comodo/Instantssl and have installed it.

Now here's where the problem is. When you visit the site, Security Alert message pops up saying that the root is not trusted. After reading another post on this site, I installed the intermediary file ComodoClass3SecurityServicesCA.crt file on WHM.

Problem solved? Nope. The error keeps appearing saying that the root is not trusted.

Once more, turning back to WHM ("Install an SSL Certificate and Setup the Domain"), I fill in the host name, etc and the information is fetched. Now, when I compare the "Fetch-ed" CA Bundle on the server with the ComodoClass3SecurityServicesCA.crt file which was provided by Comodo, it is totally different. Despite repeated attempts to change it, it doesn't.

i'm running :

WHM 9.4.0 cPanel 9.4.1-R64
RedHat Enterprise 3 - WHM X v3.1.0

Is there a fix to this?

Thanks.
 

myrem

Well-Known Member
Jul 14, 2002
93
0
156
If WHM is giving you grief with this, you could manually force the ca definition into the apache config.

1) Drop the CA bundle text file into /usr/share/ssl/certs/your.domain.com.cabundle
2) Edit /etc/httpd/conf/httpd.conf
3) Locate ssl section for your domain

You should see these lines
Code:
SSLCertificateFile /usr/share/ssl/certs/your.domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/your.domain.com.key
Add below these lines (or change the line if there):
Code:
SSLCACertificateFile /usr/share/ssl/certs/your.domain.com.cabundle
4) Save, done.

(obviously, the 'your.domain.com' should be replaced with the SSL domain cert name)
 

2fangs

Member
Jul 7, 2004
6
0
151
No Success.

I did exactly what you said. I've even SSHed and viewed the httd.conf file to make sure that additional line was inserted and it was. Furthermore, i also double checked the spelling of the www.domain.com.cabundle file - as well as the caps.
 

2fangs

Member
Jul 7, 2004
6
0
151
Got it to work.

I had to go into WHM and remove the old CA bundle.

Thanks for your advise!!
 

screege

Well-Known Member
Aug 11, 2004
190
1
166
I found this answer very useful and fixed it by putting the line in the /etc/httpd/conf/httpd.conf don't know what happened one day was working fine today not.

The line I putted was:

to etc/httpd/conf/httpd.conf:

SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle

Below this lines:

SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key

And resetting httpd thanks for this great answer.
 

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
This is the best answer I found for the year!

The Comodo CA Bundle problem has been troubling me for two years. When I checked my httpd.conf, SSLCACertificateFile /usr/share/ssl/certs/mydomain.com.cabundle line was missing. It works instantly after I insert the line and restarted httpd.

Thanks.
 

SuperBaby

Well-Known Member
Nov 27, 2003
343
0
166
Thailand
cPanel Access Level
Website Owner
Twitter
I also solved another Comodo problem today.

I am not sure how many of you are having problems inserting the RED Comodo seal onto your webpage. But I gave up 3 months ago until today. If you follow the instruction here at http://www.trustlogo.com/ssl-certificate-support/index2.html , you might get into some problems.

Firstly because of the alignment of the red seal. In IE7, it might not always stay at the bottom-right. Most of the time it will be placed at the bottom-middle which is really not nice.

Secondly, you might be getting security warning from IE7 if you use the two trustlogo.com's URLs in the Javascripts provided. Here is the solution:

1) Go to the FAQ page following the URL above. You can get another two types of round seal. Forget about the red triangle seal. You can study the source codes of the page. But to save time, this is my conclusion.....

2) Download the "trustlogo.js" and the "secure_site.gif" files to your own site. Place this code on your webpage to call up the seal using RELATIVE URL (not starting with http or https):

<script language="JavaScript" src="trustlogo.js" type="text/javascript"></script>
<script type="text/javascript">TrustLogo("images/secure_site.gif", "SC", "none");</script>
Don't worry. Even if the JS is not called from the trustlogo.com's site, the image certificate works! Simply hover the mouse over the seal and it will appear for a few seconds.

BTW, I really hate IE.
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
I found this answer very useful and fixed it by putting the line in the /etc/httpd/conf/httpd.conf don't know what happened one day was working fine today not.

The line I putted was:

to etc/httpd/conf/httpd.conf:

SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle

Below this lines:

SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key

And resetting httpd thanks for this great answer.
Screege, you are my hero.

I fought with Comodo over a PositiveSSL installation... it worked OK in IE, but Firefox 1.5 was barking "Could not verify this certificate because the issuer is unknown"

They kept telling me that the intermediate certificate was not installed correctly and I kept insisting that I was installing it fine.

On a whim, I searched here for "comodo" and found this thread.

It was as easy as adding the "SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle" line to httpd.conf, next to the .crt and .key lines, save, restart httpd and BOOM -- finally works !!!

Thank you !!!!!!!!!

- Scott
 

mohit

Well-Known Member
Jul 12, 2005
553
0
166
Sticky On Internet
Which is the Cheapest SSL available for cPanel

Hi,
I would like to get a Cheap SSL for my webserver cpanel login, which one should i buy.

will the "SSL123 Certificate" from comodo will let me use it ?

or i need the "Wildcard Server Certificate"

see ya,
mohit
 

sneader

Well-Known Member
Aug 21, 2003
1,178
57
178
La Crosse, WI
cPanel Access Level
Root Administrator
Please don't start a brand new discussion by tacking onto someone else's thread.

Start a new thread asking for advice on getting a cheap SSL cert.

- Scott