How to check if a SSL Certificate was correctly installed.

Daniel Artes

Well-Known Member
Jun 21, 2003
50
0
156
USA - Baltimore
Hi there, I would apreciate if someone helps me with this one.

I just bought a SSL certificate for one of my domains, I installed it under a domain in my server and eveything went fine.

(I DID SEARCH and read most of post related to ssl in this forum and that's how I installed in te server.)

I got this message after i insatlled the certificate in my server,

Code:
Attempting to verify your certificate..... Cerificate verification passed!
Verifcation Result [/C=US/O=prodigystudios.net/OU=https://services.choicepoint.net/get.jsp?GT43481999/OU=See www.rapidssl.com/cps (c)05/OU=Domain Control Validated - RapidSSL(TM)/CN=prodigystudios.net]

The Certificate for the domain prodigystudios.net was installed on the ip 216.127.76.78.
Attempting to restart httpd 	
Waiting for httpd to restart.... . . . . . . . . . . finished.

httpd status

root       308  0.0  0.3  5708 1612 pts/1    S    13:37   0:00 pico -w -z /etc/httpd/conf/httpd.conf
root      1177  3.0  1.8 13752 9504 ?        S    13:45   0:00 /usr/local/apache/bin/httpd -DSSL


httpd started ok
Finished Install Process.
I checked the httpd.conf and I found that the SSL MOD was loading and there was a new ssl entry for my domani that looks like this:
I reemplaced teh domain name in this example...

Code:
<IfDefine SSL>
<VirtualHost 216.127.76.78:443>
ServerAdmin [email protected]
DocumentRoot /home/prodigy/public_html
ServerName prodigystudios.net
UserDir public_html

User prodigy
Group prodigy
ScriptAlias /cgi-bin/ /home/prodigy/public_html/cgi-bin/

SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.key
SSLCACertificateFile /usr/share/ssl/certs/domain.net.cabundle
SSLLogFile /usr/local/apache/domlogs/domain.net-ssl_data_log
CustomLog /usr/local/apache/domlogs/domain.net-ssl_log combined
SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
</VirtualHost>
</IfDefine>
:confused: When I go to https://www.domain.net it times out, nothing happens, Is there anyway to check my certificate, so I see if it's properly working?

Thank you!!
 

Trigger

Well-Known Member
May 17, 2003
87
0
156
Brisbane
Certificate looks good so it looks like you have it installed correctly.

The certificate was issued to prodigystudios.net so if you lookup https://prodigystudios.net you get no error but if you lookup https://www.prodigystudios.net then you will get a popup warning that "The name on the security certificate does not match the name of the site".

If you had tried at access the secure site before you installed trhe certificate then the bad lookup record may have been stored in the cache either on your PC or at your ISP.
 

NetPublicist

Well-Known Member
Aug 19, 2003
54
0
156
I'm having the same problem, I have installed the CRT it seems that the installation was a success, but when I go to the site in my browser I get an error.

Attempting to verify your certificate..... Cerificate verification passed!
Verifcation Result [/C=US/2.5.4.17=32746/ST=FL/L=Lake Mary/2.5.4.9=600 Rinehart Road/O=Strang Communications/OU=Secure Services/OU=Provided by Altaire/OU=AltaireSSL - $2,500 warranty/CN=secure.strangdirect.com]

The Certificate for the domain secure.strangdirect.com was installed on the ip 208.62.50.23.

I have installed SSL Certs on my other cPanel server without any problems, this is the first one I have tried to install on this new cPanel server and it doesn't seem to work.
 

Trigger

Well-Known Member
May 17, 2003
87
0
156
Brisbane
Have you set up secure.strangdirect.com on the server? It does not seem to be working normally. No DNS records for it either.

You need to have it up and running on the dedicated IP address before you install the certificate.
 

Trigger

Well-Known Member
May 17, 2003
87
0
156
Brisbane
Looks good now :)
everythings seems to have sorted itself out.
 

forlinuxsupport

Well-Known Member
PartnerNOC
Dec 22, 2004
386
0
166
cPanel Access Level
Root Administrator
hey

when installing SSLs via cpanel.

1st - Set the Time to live (TTL) to 60 seconds, so propergation is nice and quick)

2nd - move the domain to a new IP in cpanel , then

3rd actually install the certificate.

:)
Andy
 

NetPublicist

Well-Known Member
Aug 19, 2003
54
0
156
Thanks!! I didn't move the domain to a new IP, I left the main domain on the shared IP, but setup a new A record in the DNS zone so secure.strandirect.com is pointing to the new IP.

I forgot to do this at first, which explains why it wasn't working, thanke for all your help!!