The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

How to check if a SSL Certificate was correctly installed.

Discussion in 'General Discussion' started by Daniel Artes, Oct 3, 2005.

  1. Daniel Artes

    Daniel Artes Well-Known Member

    Joined:
    Jun 21, 2003
    Messages:
    52
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    USA - Baltimore
    Hi there, I would apreciate if someone helps me with this one.

    I just bought a SSL certificate for one of my domains, I installed it under a domain in my server and eveything went fine.

    (I DID SEARCH and read most of post related to ssl in this forum and that's how I installed in te server.)

    I got this message after i insatlled the certificate in my server,

    Code:
    Attempting to verify your certificate..... Cerificate verification passed!
    Verifcation Result [/C=US/O=prodigystudios.net/OU=https://services.choicepoint.net/get.jsp?GT43481999/OU=See www.rapidssl.com/cps (c)05/OU=Domain Control Validated - RapidSSL(TM)/CN=prodigystudios.net]
    
    The Certificate for the domain prodigystudios.net was installed on the ip 216.127.76.78.
    Attempting to restart httpd 	
    Waiting for httpd to restart.... . . . . . . . . . . finished.
    
    httpd status
    
    root       308  0.0  0.3  5708 1612 pts/1    S    13:37   0:00 pico -w -z /etc/httpd/conf/httpd.conf
    root      1177  3.0  1.8 13752 9504 ?        S    13:45   0:00 /usr/local/apache/bin/httpd -DSSL
    
    
    httpd started ok
    Finished Install Process.
    I checked the httpd.conf and I found that the SSL MOD was loading and there was a new ssl entry for my domani that looks like this:
    I reemplaced teh domain name in this example...

    Code:
    <IfDefine SSL>
    <VirtualHost 216.127.76.78:443>
    ServerAdmin webmaster@prodigystudios.net
    DocumentRoot /home/prodigy/public_html
    ServerName prodigystudios.net
    UserDir public_html
    
    User prodigy
    Group prodigy
    ScriptAlias /cgi-bin/ /home/prodigy/public_html/cgi-bin/
    
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
    SSLCertificateKeyFile /usr/share/ssl/private/domain.key
    SSLCACertificateFile /usr/share/ssl/certs/domain.net.cabundle
    SSLLogFile /usr/local/apache/domlogs/domain.net-ssl_data_log
    CustomLog /usr/local/apache/domlogs/domain.net-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>
    
    :confused: When I go to https://www.domain.net it times out, nothing happens, Is there anyway to check my certificate, so I see if it's properly working?

    Thank you!!
     
  2. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    Certificate looks good so it looks like you have it installed correctly.

    The certificate was issued to prodigystudios.net so if you lookup https://prodigystudios.net you get no error but if you lookup https://www.prodigystudios.net then you will get a popup warning that "The name on the security certificate does not match the name of the site".

    If you had tried at access the secure site before you installed trhe certificate then the bad lookup record may have been stored in the cache either on your PC or at your ISP.
     
  3. NetPublicist

    NetPublicist Well-Known Member

    Joined:
    Aug 19, 2003
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    I'm having the same problem, I have installed the CRT it seems that the installation was a success, but when I go to the site in my browser I get an error.

    Attempting to verify your certificate..... Cerificate verification passed!
    Verifcation Result [/C=US/2.5.4.17=32746/ST=FL/L=Lake Mary/2.5.4.9=600 Rinehart Road/O=Strang Communications/OU=Secure Services/OU=Provided by Altaire/OU=AltaireSSL - $2,500 warranty/CN=secure.strangdirect.com]

    The Certificate for the domain secure.strangdirect.com was installed on the ip 208.62.50.23.

    I have installed SSL Certs on my other cPanel server without any problems, this is the first one I have tried to install on this new cPanel server and it doesn't seem to work.
     
  4. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    Have you set up secure.strangdirect.com on the server? It does not seem to be working normally. No DNS records for it either.

    You need to have it up and running on the dedicated IP address before you install the certificate.
     
  5. NetPublicist

    NetPublicist Well-Known Member

    Joined:
    Aug 19, 2003
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
  6. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    Looks good now :)
    everythings seems to have sorted itself out.
     
  7. forlinuxsupport

    forlinuxsupport Well-Known Member
    PartnerNOC

    Joined:
    Dec 22, 2004
    Messages:
    386
    Likes Received:
    0
    Trophy Points:
    16
    cPanel Access Level:
    Root Administrator
    hey

    when installing SSLs via cpanel.

    1st - Set the Time to live (TTL) to 60 seconds, so propergation is nice and quick)

    2nd - move the domain to a new IP in cpanel , then

    3rd actually install the certificate.

    :)
    Andy
     
  8. NetPublicist

    NetPublicist Well-Known Member

    Joined:
    Aug 19, 2003
    Messages:
    54
    Likes Received:
    0
    Trophy Points:
    6
    Thanks!! I didn't move the domain to a new IP, I left the main domain on the shared IP, but setup a new A record in the DNS zone so secure.strandirect.com is pointing to the new IP.

    I forgot to do this at first, which explains why it wasn't working, thanke for all your help!!
     
Loading...

Share This Page