The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Comodo Instant SSL + WHM Problem

Discussion in 'General Discussion' started by 2fangs, Jul 14, 2004.

  1. 2fangs

    2fangs Member

    Joined:
    Jul 7, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Ok, here it goes.

    I've got a premium SSL from Comodo/Instantssl and have installed it.

    Now here's where the problem is. When you visit the site, Security Alert message pops up saying that the root is not trusted. After reading another post on this site, I installed the intermediary file ComodoClass3SecurityServicesCA.crt file on WHM.

    Problem solved? Nope. The error keeps appearing saying that the root is not trusted.

    Once more, turning back to WHM ("Install an SSL Certificate and Setup the Domain"), I fill in the host name, etc and the information is fetched. Now, when I compare the "Fetch-ed" CA Bundle on the server with the ComodoClass3SecurityServicesCA.crt file which was provided by Comodo, it is totally different. Despite repeated attempts to change it, it doesn't.

    i'm running :

    WHM 9.4.0 cPanel 9.4.1-R64
    RedHat Enterprise 3 - WHM X v3.1.0

    Is there a fix to this?

    Thanks.
     
  2. myrem

    myrem Well-Known Member

    Joined:
    Jul 14, 2002
    Messages:
    93
    Likes Received:
    0
    Trophy Points:
    6
    If WHM is giving you grief with this, you could manually force the ca definition into the apache config.

    1) Drop the CA bundle text file into /usr/share/ssl/certs/your.domain.com.cabundle
    2) Edit /etc/httpd/conf/httpd.conf
    3) Locate ssl section for your domain

    You should see these lines
    Code:
    SSLCertificateFile /usr/share/ssl/certs/your.domain.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/your.domain.com.key
    Add below these lines (or change the line if there):
    Code:
    SSLCACertificateFile /usr/share/ssl/certs/your.domain.com.cabundle
    4) Save, done.

    (obviously, the 'your.domain.com' should be replaced with the SSL domain cert name)
     
  3. 2fangs

    2fangs Member

    Joined:
    Jul 7, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    No Success.

    I did exactly what you said. I've even SSHed and viewed the httd.conf file to make sure that additional line was inserted and it was. Furthermore, i also double checked the spelling of the www.domain.com.cabundle file - as well as the caps.
     
  4. 2fangs

    2fangs Member

    Joined:
    Jul 7, 2004
    Messages:
    6
    Likes Received:
    0
    Trophy Points:
    1
    Got it to work.

    I had to go into WHM and remove the old CA bundle.

    Thanks for your advise!!
     
  5. screege

    screege Well-Known Member

    Joined:
    Aug 11, 2004
    Messages:
    186
    Likes Received:
    0
    Trophy Points:
    16
    I found this answer very useful and fixed it by putting the line in the /etc/httpd/conf/httpd.conf don't know what happened one day was working fine today not.

    The line I putted was:

    to etc/httpd/conf/httpd.conf:

    SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle

    Below this lines:

    SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key

    And resetting httpd thanks for this great answer.
     
  6. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    This is the best answer I found for the year!

    The Comodo CA Bundle problem has been troubling me for two years. When I checked my httpd.conf, SSLCACertificateFile /usr/share/ssl/certs/mydomain.com.cabundle line was missing. It works instantly after I insert the line and restarted httpd.

    Thanks.
     
  7. SuperBaby

    SuperBaby Well-Known Member

    Joined:
    Nov 27, 2003
    Messages:
    331
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Thailand
    cPanel Access Level:
    Website Owner
    Twitter:
    I also solved another Comodo problem today.

    I am not sure how many of you are having problems inserting the RED Comodo seal onto your webpage. But I gave up 3 months ago until today. If you follow the instruction here at http://www.trustlogo.com/ssl-certificate-support/index2.html , you might get into some problems.

    Firstly because of the alignment of the red seal. In IE7, it might not always stay at the bottom-right. Most of the time it will be placed at the bottom-middle which is really not nice.

    Secondly, you might be getting security warning from IE7 if you use the two trustlogo.com's URLs in the Javascripts provided. Here is the solution:

    1) Go to the FAQ page following the URL above. You can get another two types of round seal. Forget about the red triangle seal. You can study the source codes of the page. But to save time, this is my conclusion.....

    2) Download the "trustlogo.js" and the "secure_site.gif" files to your own site. Place this code on your webpage to call up the seal using RELATIVE URL (not starting with http or https):

    Don't worry. Even if the JS is not called from the trustlogo.com's site, the image certificate works! Simply hover the mouse over the seal and it will appear for a few seconds.

    BTW, I really hate IE.
     
  8. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Screege, you are my hero.

    I fought with Comodo over a PositiveSSL installation... it worked OK in IE, but Firefox 1.5 was barking "Could not verify this certificate because the issuer is unknown"

    They kept telling me that the intermediate certificate was not installed correctly and I kept insisting that I was installing it fine.

    On a whim, I searched here for "comodo" and found this thread.

    It was as easy as adding the "SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle" line to httpd.conf, next to the .crt and .key lines, save, restart httpd and BOOM -- finally works !!!

    Thank you !!!!!!!!!

    - Scott
     
  9. mohit

    mohit Well-Known Member

    Joined:
    Jul 12, 2005
    Messages:
    553
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Sticky On Internet
    Which is the Cheapest SSL available for cPanel

    Hi,
    I would like to get a Cheap SSL for my webserver cpanel login, which one should i buy.

    will the "SSL123 Certificate" from comodo will let me use it ?

    or i need the "Wildcard Server Certificate"

    see ya,
    mohit
     
  10. sneader

    sneader Well-Known Member

    Joined:
    Aug 21, 2003
    Messages:
    1,126
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    La Crosse, WI
    cPanel Access Level:
    Root Administrator
    Please don't start a brand new discussion by tacking onto someone else's thread.

    Start a new thread asking for advice on getting a cheap SSL cert.

    - Scott
     
Loading...
Similar Threads - Comodo Instant SSL
  1. hasnisyed
    Replies:
    3
    Views:
    318

Share This Page