
Complete guide to get XRAMP certificate fully working without a problem

Discussion in 'General Discussion' started by Misiek, Jul 11, 2006.

  1. Misiek

    Complete guide to get XRAMP and other certificates fully working without a problem

    I wrote this guide because I've seen that there are many people with problems like mine, so let's go.

    When we get an SSL certificate from, for example, XRAMP or another company which requires a cabundle, we do what follows:

    INSTALLING SSL CERTIFICATE FOR CPANEL AND WHM :

    Step one :
    Go to
    cd /usr/local/cpanel/etc/
    cp cpanel.pem cpanel.pem.backup

    Create a file called cpanel.pem which has the SSL certificate and SSL private key inside, and copy it into this folder.

    The certificate is still not valid because of an incorrect CA, so we do what follows:
    cd /usr/local/cpanel/etc/
    cp mycpanel.cabundle mycpanel.cabundle.backup

    Rename SSLbundle.crt from XRAMP or any other CA file to mycpanel.cabundle and copy it to this folder.

    Do: service cpanel restart
    If you get Starting SSL certificate [failed], go here:

    http://forums.cpanel.net/showthread.php?t=53168&highlight=ssl+starting+failed

    And that's it, now we have a working certificate for cPanel and WHM.

    INSTALLING SSL CERTIFICATE FOR POP AND SMTP

    This was the hardest part for me because of errors and incompatibilities.

    Let's go :

    For courier-imap users

    First we will do the pop3 certificate, so:

    Insert sslbundle.crt from XRAMP or another company into /etc/ssl/

    Copy your pem file, which contains the SSL certificate and key, to /etc/ssl/private and name it ca.pem, for example.

    Go to /usr/lib/courier-imap/etc

    Edit file pop3d-ssl

    Change that :
    TLS_CERTIFICATE=/etc/ssl/private/ca.pem
    TLS_TRUSTCERTS=/etc/ssl/sslbundle.crt

    save and exit

    Edit imapd-ssl

    Change that :

    TLS_CERTIFICATE=/etc/ssl/private/ca.pem
    TLS_TRUSTCERTS=/etc/ssl/sslbundle.crt

    Save and exit

    now do :
    service courier-imap restart


    LAST THING EXIM

    edit /etc/exim.conf

    tls_certificate = /etc/exim.pem <- this file should be provided from XRAMP or any other company. IMPORTANT: chmod 644 /etc/exim.pem

    tls_privatekey = /etc/exim.key <- this file should contain RSA PRIVATE KEY
    And finally
    service exim restart

    We should have SSL on the whole server.

    If you have any suggestions, write them here!
     
    #1 Misiek, Jul 11, 2006
    Last edited: Jul 11, 2006
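A content and permission check for the PEM files the guide above creates, as an added example that is not part of the original post or of cPanel. It reports whether each file holds the certificate and key blocks its role needs and whether a file containing a private key is readable by group or other; the role names, function names and sample contents are constructed for this example.

```shell
#!/bin/sh
# Added example. Roles are labels invented for this script:
#   combined = certificate + private key (cpanel.pem, ca.pem)
#   cert     = certificate only          (exim.pem)
#   key      = private key only          (exim.key)
#   bundle   = CA certificates only      (mycpanel.cabundle, sslbundle.crt)

# Print "OK" or a space-separated list of findings for FILE used as ROLE.
audit_pem() {
    file=$1 role=$2 findings=""
    [ -r "$file" ] || { echo "unreadable"; return 1; }

    # Count PEM blocks by their BEGIN markers (grep -c exits 1 on zero matches).
    certs=$(grep -c -e '^-----BEGIN CERTIFICATE-----' "$file" || true)
    keys=$(grep -c -e '^-----BEGIN .*PRIVATE KEY-----' "$file" || true)
    # Non-empty when group or other has read permission on the file.
    exposed=$(find "$file" \( -perm -040 -o -perm -004 \) -print)

    case $role in
        combined)
            [ "$certs" -ge 1 ] || findings="$findings no-certificate"
            [ "$keys" -eq 1 ] || findings="$findings no-private-key" ;;
        cert|bundle)
            [ "$certs" -ge 1 ] || findings="$findings no-certificate"
            [ "$keys" -eq 0 ] || findings="$findings unexpected-private-key" ;;
        key)
            [ "$keys" -eq 1 ] || findings="$findings no-private-key" ;;
        *)
            echo "unknown-role"; return 2 ;;
    esac
    # A private key readable by other local users lets them impersonate the service.
    if [ "$keys" -gt 0 ] && [ -n "$exposed" ]; then
        findings="$findings key-readable-by-others"
    fi

    if [ -z "$findings" ]; then echo "OK"; return 0; fi
    echo "${findings# }"; return 1
}

# Write constructed (non-functional) sample files into DIR for a dry run.
make_samples() {
    printf '%s\n' '-----BEGIN CERTIFICATE-----' 'Q09OU1RSVUNURUQ=' \
        '-----END CERTIFICATE-----' > "$1/exim.pem"
    printf '%s\n' '-----BEGIN RSA PRIVATE KEY-----' 'Q09OU1RSVUNURUQ=' \
        '-----END RSA PRIVATE KEY-----' > "$1/exim.key"
    cat "$1/exim.pem" "$1/exim.key" > "$1/cpanel.pem"
    chmod 644 "$1/exim.pem" "$1/cpanel.pem"
    chmod 600 "$1/exim.key"
}

# Usage: sh audit_pem.sh FILE ROLE
if [ "$#" -eq 2 ]; then audit_pem "$1" "$2"; fi
```

The script only inspects PEM markers and mode bits; it does not check that the key matches the certificate or that the chain validates against the bundle.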
  2. bradandersen

    Change CPanel / WHM SSL Certificate

    Thank you!

    keywords:

    change cpanel/whm ssl certificate
    modify cpanel ssl certificate
    reset cpanel ssl certificate
    update cpanel ssl certificate
     
  3. ffeingol

    No offense, but I think you're really doing this the hard way. When you go to add the cert for WHM there are three text entry areas:

    1) "Paste the entire .crt file here:" (you put your cert in here)
    2) "Paste the entire .key file here:" (this one normally auto fills in)
    3) "Paste the cabundle here (optional):"

    #3 is where you paste in the CA bundle that you get from Xramp. That will then get automagically merged into the cabundle for WHM. You may still have to go through the manual stunnel restart, but that is another issue.

    Frank
     
  4. flash7

    Are you sure?
    Because in my exim.conf tls_certificate = /etc/exim.crt and chmod is 600 !!!
     
  5. Misiek

    Yep, definitely it must be done like I said.
     
  6. flash7

    Ok, but /etc/exim.pem doesn't exist on my server :confused:
     
  7. Misiek

    exim.pem is a file which Xramp gave you; just rename xxx.pem to exim.pem and that's all.
     
  8. hekri

    Everything is OK, but SSL doesn't work for pop3, smtp, imap in The Bat mail program. The program reports:

    >2007-01-31, 15:25:35: FETCH - Certificate S/N: 7149FF7482F1B, algorithm: RSA (1024 bits), issued from 30.01.2007 to 30.01.2008, for 1 host(s): name.myserver.com.
    >2007-01-31, 15:25:35: FETCH - Owner: Domain Control Validated, PositiveSSL, name.myserver.com.
    >2007-01-31, 15:25:35: FETCH - Issuer: GB, Greater Manchester, Salford, Comodo CA Limited, PositiveSSL CA.
    !2007-01-31, 15:25:35: FETCH - TLS handshake failure. Invalid server certificate (The issuer of this certificate chain was not found).
    2007-01-31, 15:25:36: FETCH - TLS handshake complete
    2007-01-31, 15:25:36: FETCH - connected to POP3 server


    In Outlook Express and Thunderbird it seems to be working OK, but why not with The Bat? The option to add the certificate to the trusted ones isn't active :(
     
    #8 hekri, Jan 31, 2007
    Last edited: Jan 31, 2007
  9. Misiek

    You sure you have the correct sslbundle.crt?
     
  10. hekri

    I spent a couple of hours and got a result: I found on comodo.com the top certificate owner that was not added to the ca-bundle. I added it manually to the cabundle and now The Bat sees that I can add the certificate to the trusted certificates (PositiveSSL ca-bundle file bug :(
     