The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Cpanel/WHM SSL cert error during install?

Discussion in 'General Discussion' started by jamesbond, Nov 13, 2002.

  1. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    I just installed an instantSSL cert so I can logon securely to WHM/Cpanel.
    I installed it through 'Change CPanel/WHM certificate' instead of 'Install a certificate and setup domain'

    This is correct right?

    It seems to work, but I was wondering what error message below means exactly:

    --------------
    Attempting to verify your certificate.....
    Cerificate appears to be intact
    /usr/local/cpanel/share/ssl/certs/xxxxxxxxx.com.crt.test: /C=xx/2.5.4.17=xxxxx/ST=xxxxxxx/L=xxxxxxx/2.5.4.9=xxxxxxxxx/O=xxxxxxxxxxx/OU=IT/OU=InstantSSL/CN=xxxxxxxxxx.com
    error 20 at 0 depth lookup:unable to get local issuer certificate

    Restarting SSL Support
    Certificate has been installed!
    ----------

    I also get 1 warning when I log on :

    the security certificate was issued by a company you have chosen not to trust...

    How can I get rid of this warning?

    I've read the how-to on installing SSL by itf, but I still don't know how to get rid of this error.

    There are 2 places where I see SSL keys/certs


    1. /usr/local/cpanel/share/ssl/certs/

    and

    2. /usr/share/ssl/certs/


    Is the following correct then?

    1. location 1 is for the WHM/CPanel cert (secure login 2083 and 2087 )

    2. location 2 is the place of the certificates for domains


    I still get this warning 'the security certificate was issued by a company you have chosen not to trust...' when I use https://secure.mydomain:2087
    Maybe it has something to do with the fact that a secure.mydomain.crt.test is created every time I try to install the certificate...I don't know why.

    Anyone?
     
  2. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    No it is not a self signed certificate, I ordered an Instant SSL certificate and installed it through WHM.

    When I look at the certificate details (click on the lock) when I browse through https://secure.mydomain.com:2087 it does show my Instant SSL data and has a valid expiry date etc.
     
  3. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    PM sent.

    I don't have AIM installed, I do have ICQ.
     
  4. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Still not solved :(

    the problem is not in getting https://secure.mydomain.com to work without the warning.
    (I just install it through 'Install an SSL Certificate and Setup the Domain ')


    The problem is getting https://secure.mydomain.com:2083 and https://secure.mydomain.com:2087 getting to work without getting a warning (the certificate was issued by a company you have chosen not to trust etc.)

    SSL for port 2083 and 2087 should be done through 'Change cPanel/WHM Certificate' right?

    I can't find any information about this in the docs, cpanel support hasn't replied yet...
     
  5. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    ok bond007 ;), try this:

    https://xxx.xxx.xxx.xxx:2083

    Put any username/password (the password can be your root password) to login to cpanel.

    xxx.xxx.xxx.xxx is your server's main IP address.

    Are you still getting the warnings? You shouldn't!

    Regards,
    Norman
     
  6. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Actually when I use my ip address instead of secure.mydomain.com I get 2 warnings instead of 1 :)

    1. the certificate was issued by a company you have chosen not to trust etc.)

    2. name does not match the name of site.

    The second warning is obvious because the certificate is issued for secure.mydomain.com

    It's the first warning that always comes up when I connect through 2083 or 2087
     
  7. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    That's strange. You should be getting those errors only when you logon to 2087, not when you login to 2083.

    Regards,
    Norman
     
  8. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Why should I be getting warnings at all ? :)
    I installed a valid SSL certificate.
     
  9. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    You are getting warnings because the cert you installed for the domain is specifically installed for port 443 only. The other ports for cpanel, webmail, etc, will use the server selfsigned cert.
     
  10. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    How can I set it up so that I don't get warnings when I use 2083 or 2087 then?

    That's what I've been trying to figure out.
     
  11. Marty

    Marty Well-Known Member

    Joined:
    Oct 10, 2001
    Messages:
    630
    Likes Received:
    1
    Trophy Points:
    18
    Sorry, I went back and reread your post. I misunderstood what you were trying to do. I have never tried to install a cert for that, so I am not sure what is going on except the possibility that the Balimore Intermediary cert did not install correctly in the process.
     
  12. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    [quote:5e805810ec][i:5e805810ec]Originally posted by Marty[/i:5e805810ec]

    I have never tried to install a cert for that, so I am not sure what is going on except the possibility that the Balimore Intermediary cert did not install correctly in the process.[/quote:5e805810ec]

    It seems I am the only one that wants to get rid of those warnings :)
    I would like my CPanel customers not to see that warning when they log on to port 2083 for the first time.

    As I said, installing certs for domains (port 443) works perfectly fine, but that's not what I'm after in this case.

    I submitted a cpanel support ticket, haven't gotten a reply from them yet though :(
     
  13. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    Ok, I've tried everything, even manually replacing the mycpanel.pem file in :
    /usr/local/cpanel/etc/

    I still get the warning...

    Now I just read the following in the WHM news section:
    ------------------------------
    cabundle support for Cpanel/WHM SSL Certificates that require a cabundle now work with cPanel's ssl (port 2083/2087/2096) (5.2.0 build 115 or later only)
    ------------------------------

    I suppose that has something to do with it, but I'm running WHM 5.2.0 Cpanel 5.3.0-R6, which is more recent than 5.2.0 build 115 I would think.
     
  14. Dathorn_ADT

    Dathorn_ADT Active Member

    Joined:
    Nov 16, 2002
    Messages:
    41
    Likes Received:
    1
    Trophy Points:
    6
    cPanel Access Level:
    Root Administrator
    Did you ever figure it out? I'm having this same problem right now and I'd really like to take care of it...
     
  15. jamesbond

    jamesbond Well-Known Member

    Joined:
    Oct 9, 2002
    Messages:
    738
    Likes Received:
    1
    Trophy Points:
    18
    [quote:acc7979671][i:acc7979671]Originally posted by Dathorn_ADT[/i:acc7979671]

    Did you ever figure it out? I'm having this same problem right now and I'd really like to take care of it...[/quote:acc7979671]

    What warning do you get exactly?

    The problem with the warning and instantssl has been fixed in the recent releases.
    However now I have an authentication window popping up when I connect to 2083 or 2087
     
  16. LVWH

    LVWH Member

    Joined:
    Dec 14, 2002
    Messages:
    15
    Likes Received:
    0
    Trophy Points:
    1
    I get this stuff too

    It seems I get this stuff too. I have been trying to install an SSL Cert for a client and I have had nothing but grief. I then find out that CPANEL Created the RSA Key incorrectly. After trying again then the error came up as being self signed and get warnings about it when browsing the site.

    I'm still waiting on a respose from someone else but I think it has something to do with the CA Bundle not being installed with the cert. I will try to update you folks on this as I go.

    Cheers,

    LVWH
     
  17. Kurieuo

    Kurieuo Well-Known Member

    Joined:
    Dec 13, 2002
    Messages:
    98
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Australia
    Any news on this? I get the same message (i.e. not verified) after installing the InstantSSL certificate for a domain.

    I have a feeling it is also to do with the bundle not being setup correctly - however I don't have access to the root, so I can't set it up manually to make sure its not cPanel configuring wrong or something. :(
     
  18. sexy_guy

    sexy_guy Well-Known Member

    Joined:
    Mar 19, 2003
    Messages:
    848
    Likes Received:
    0
    Trophy Points:
    16
    This is an old msg, no reply
     
    #18 sexy_guy, Apr 7, 2003
    Last edited: Apr 7, 2003
  19. ljprevo

    ljprevo Well-Known Member

    Joined:
    Apr 15, 2003
    Messages:
    67
    Likes Received:
    0
    Trophy Points:
    6
    I don't care if it is old, it NEVER got answered. I am trying this same thing, want secure, no error messages on 2087 and 2083 but you can't get a straight answer anwhere here or in the docs.
     
  20. tntmom5

    tntmom5 Member

    Joined:
    Mar 27, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    NJ
    I was having this same problem and also when I used https to certain pages. This is how I fixed it.

    For some reason whm did not write the cabundle entry in the httpd.conf file. This line was missing:

    SSLCACertificateFile /usr/share/ssl/certs/mysecuresite.com.cabundle

    Found the info on doing this here:

    http://forums.cpanel.net/showthread.php?s=&threadid=4376&highlight=Freessl

    Tracy
     
Loading...

Share This Page