The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Install cert be hand......

Discussion in 'General Discussion' started by smilb, Aug 12, 2001.

  1. smilb

    smilb Member

    Joined:
    Aug 10, 2001
    Messages:
    12
    Likes Received:
    0
    Trophy Points:
    1
    How do I install a cert, WHM will not install it but will generate them though......
     
  2. Site5-Matt

    Site5-Matt Well-Known Member
    PartnerNOC

    Joined:
    Aug 10, 2001
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    Try /scripts/installssl

    Matt
     
  3. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    Will this work for Equifax SSL certs? I plan to get one but I\'m unsure on how to do it =\\
     
  4. felix220

    felix220 Active Member

    Joined:
    Aug 12, 2001
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    [quote:67133f626a]Will this work for Equifax SSL certs? I plan to get one but I'm unsure on how to do it =\ [/quote:67133f626a]

    Teck,

    It seems that getting the Business ID cert from Equifax to work with CPanel is one of the world's greatest secrets.. we are lucky enough to have had on two occasions, the 'complex' piece of 'wizardry' performed to install this AND remove the "not trusted by browser" pop up.. but we are not allowed to know exactly how it's done.. maybe this will reveal a nasty about CPanel that we are better off not knowing about, so I hope that you get an answer to this to prove that theory wrong.. :D

    One ID cert per server has in the past allowed any web server to be added afterwards.

    However, it seems that with an install we've just done, that the cert will only work with the root directory of the chosen domain.. no other folders underneath it are available..

    This of course makes the cert useless, particularly if there is a script involved using cgi-bin etc (eg 3rd party API's)

    I don't know if the problem here lies with CPanel or Equifax (or us!), and considering the recent behaviour of Equifax, I can only say that 'some' of their certs work and others don't, even if installed in an identical manner.. this is of course bizarre..

    Since the genius at WHT destroyed our ability to use the old 'reseller' URL, there have been problems at Equifax, although some of the guys there are extremely keen to please...

    I have ordered replacements from Thawte now, after finding that the equifax mystery isn't worth saving $25 on the first one and $1 on every subsequent cert purchased..

    Email me if you want any more details.. :)

    Cheers.



    [Edited on 13/8/01 by felix220]
     
  5. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    I don\'t have your email and it\'s not in your profile.. Hopefully when I get my cert, I can try to do it myself and get it working. I won\'t need any 3rd part CGI\'s or anything since everything will be in the root dir. I hope all goes well..
     
  6. felix220

    felix220 Active Member

    Joined:
    Aug 12, 2001
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    [quote:1f1998e58f]I don\'t have your email and it\'s not in your profile..[/quote:1f1998e58f]

    Sorry, it is now.. :P
     
  7. Site5-Matt

    Site5-Matt Well-Known Member
    PartnerNOC

    Joined:
    Aug 10, 2001
    Messages:
    81
    Likes Received:
    0
    Trophy Points:
    6
    We have some customers who experienced quite a bit of trouble with Equifax certs as well. I would strongly recommend Thawte certs instead - never had a problem with one.

    Matt
     
  8. teck

    teck Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    164
    Likes Received:
    0
    Trophy Points:
    16
    felix220, are you David? If so, I already spoken to you before :)
     
  9. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    I'm going to post this here, since it involves general cert weirdness. Since the Equifax issue has already been described, I'll leave that one alone and continue to recommend Thawte to everyone as we always do.

    Two questions:

    First, has anyone successfully installed a Tucows cert for a single domain? Works? Doesn't? Inquiring minds want to know (or at least a couple of our customers, before they reach into their wallets).

    Second, and the bigger issue. We have a server wide cert that previously worked and then suddenly stopped. Nothing has changed on the box, nothing has changed with the cert. When it stopped working, it also had the unfortunate effect of taking apache down with it. We've commented out the cert in the httpd.conf in order to keep apache happy. Has anyone seen this type of behavior before? We also have a reseller who installed a Thawte cert for one of his domains on another server that took apache down, as well. That one likewise has been commented out until we can run tests in the wee hours of the morning without disturbing the residents of that box.

    Part 2: A successful install of a Thawte cert on a single domain on yet another box. The cert works - but not if you try to call any CGIs securely using that owner's domain. If you use the server-wide to call her CGIs, they work like a peach.

    So any insights, suggestions, or general ranting about cPanel/WHM and the manner in which it handles certs would be appreciated. I am just about out of ideas, myself.

    Thanks, all.

    [Edited on 8/18/01 by Annette]
     
  10. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    Solution for the failure of a domain\'s secure cert to properly call CGI scripts securely:

    Place a ScriptAlias entry into the secure portion of the httpd.conf for that domain:

    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
     
  11. Mark Vockler

    Mark Vockler Active Member

    Joined:
    Aug 10, 2001
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    [quote:98a8927829]First, has anyone successfully installed a Tucows cert for a single domain? Works? Doesn\'t?[/quote:98a8927829]
    Not sure about this one as our clients use Thawte.

    [quote:98a8927829]Second, and the bigger issue. We have a server wide cert that previously worked and then suddenly stopped. Nothing has changed on the box, nothing has changed with the cert. When it stopped working, it also had the unfortunate effect of taking apache down with it. We\'ve commented out the cert in the httpd.conf in order to keep apache happy. Has anyone seen this type of behavior before? We also have a reseller who installed a Thawte cert for one of his domains on another server that took apache down, as well. That one likewise has been commented out until we can run tests in the wee hours of the morning without disturbing the residents of that box.[/quote:98a8927829]
    Are you getting a message about \"SSLVerify not being recognized\" or something similar? If so, just restart Apache with SSL enabled:

    /usr/local/apache/bin/apachectl stop
    /usr/local/apache/bin/apachectl startssl

    [quote:98a8927829]Solution for the failure of a domain\'s secure cert to properly call CGI scripts securely:

    Place a ScriptAlias entry into the secure portion of the httpd.conf for that domain:

    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/[/quote:98a8927829]
    We encounter this as well. Cpanel doesn\'t insert the ScriptAlias entry by default and we always have to do this manually.

    Mark
     
  12. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    No, no messages about SSLVerify - I know how to fix that. On every occasion that we\'ve had a script crap out lately, apache says that it has restarted successfully, but actually has not. I\'ve got another one to test today from Thawte, so we\'ll see if it can be installed without taking down the entire box.
     
  13. Mark Vockler

    Mark Vockler Active Member

    Joined:
    Aug 10, 2001
    Messages:
    36
    Likes Received:
    0
    Trophy Points:
    6
    [quote:eb9885fd00]No, no messages about SSLVerify - I know how to fix that. On every occasion that we\'ve had a script crap out lately, apache says that it has restarted successfully, but actually has not.[/quote:eb9885fd00]
    We encountered this twice, and rebooting the machine both times solved the problem. You\'ve probably already tried that as well, without success; just a thought, anyways.

    Mark
     
  14. Domenico

    Domenico Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    361
    Likes Received:
    0
    Trophy Points:
    16
    I jus applied for a cert from FreeSSl and just got it but I can\'t get it installed.

    Maybe I did something wrong.
    I used /scripts/installssl and did everything asked including pasting the cert I got.

    Now, installssl it asks for a user. Wich user?
     
Loading...

Share This Page