Moving Ensim cert to a cpanel server

ozzi4648

Guest
Has anyone successfully moved their Ensim cert, csr, key from an Ensim server over to their Cpanel server with success?
 

mooony

Well-Known Member
Nov 9, 2002
82
0
156
Hi,

I moved two thawte crt from ensim to cpanel without any problems.

Create a new crt request that is the same as the one you have on the ensim server. Then copy the crt to cpanel and you are done.

Ronald
 
ozzi4648

Guest
[quote][i]Originally posted by mooony[/i]

Hi,

I moved two thawte crt from ensim to cpanel without any problems.

Create a new crt request that is the same as the one you have on the ensim server. Then copy the crt to cpanel and you are done.

Ronald[/quote]

That's what I thought about doing, thanks! The only difference is the password that Ensim does not ask for, but if you got it working I will try it!
 
ozzi4648

Guest
Eeeks, this almost works but not exactly. I simply copied my certs from the Ensim server. Everything installed properly; however, I'm getting the error that says: The security certificate was issued by a company you have not trusted la di da. I have tried to say YES trust the stupid thing but it's not part of the root authority and it will refuse to install the cert on my end. I have tried this on one two other PCs; Windows reports the certificate is not issued by a trusted company.

Don't understand this because you should be able to take certs from server to server as long as you're running it on the same domain. It is not IP specific.

Also now i am getting that damn AUTHENTICATION BOX again, on my new server. CPANEL are you listening??? We need this resolved!!!!!!!!!!!!!!!!!!!!!!
 

mooony

Well-Known Member
Hi ozzi,

At first I got this error as well. I recreated the cert but without inserting the data. I copied the request and the crt in the whm window and created the crt. This time it worked. I have 8 crt in this way without any problems.

Ronald
 
ozzi4648

Guest
[quote][i]Originally posted by mooony[/i]

Hi ozzi,

At first I got this error as well. I recreated the cert but without inserting the data. I copied the request and the crt in the whm window and created the crt. This time it worked. I have 8 crt in this way without any problems.

Ronald[/quote]

You mean you created the csr in WHM before copying the certificate and the key? Yes, but the cPanel CSR requires a userid and password which is not a required field on Ensim CSR request. I don't know if this even matters.
 
ozzi4648

Guest
[quote][i]Originally posted by mooony[/i]

Hi ozzi,

At first I got this error as well. I recreated the cert but without inserting the data.[/quote]

What do you mean? Which cert are you referring to? Are you talking about the csr?

[quote]I copied the request and the crt in the whm window and created the crt.[/quote]

You can only copy the certificate and the key into the window.
 

mooony

Well-Known Member
Hi ozzi,

Here is how I did it:

1. Go to WHM and select the ssl section. Then click on Install a SSL Certificate and Setup the Domain.

2. Now paste first the crt and then the key. It will give you an error but don't worry. Ignore it.

Now it will read the crt and key and the info will go auto.

3. Now click on the do it button.

Now it will install it and you are ready to go. There will be no srs but it is not a problem.

I hope this helps you ozzi.

Ronald
 
ozzi4648

Guest
Found the problem. When you installed your Geotrust cert on your Ensim server you were required to also install the state of authority cert by Geotrust. At least I had to on mine. The state of authority cert was located here on my Ensim server, which I failed to move to my Cpanel server:

/etc/httpd/conf/ssl.crt/geotrustefxca.crt

It's not enough to move just your .crt file and .key file over to cpanel otherwise you will continually get the error msg saying that the company issuing the cert could not be trusted la di da! Just copy the content of the geotrust authority file over to cpanel.

On Cpanel, after you install your valid .crt, .key and .csr file from Ensim create a file called, geotrustca.crt in /etc/httpd/conf/ssl.crt/geotrustca.crt/

Copy your state of authority cert, the cert given to me by Geotrust, into the geotrustca.crt.

In your httpd conf, add the bold line, where indicated:

SSLCertificateFile /usr/share/ssl/certs/srv05.primenet.cc.crt
SSLCertificateKeyFile /usr/share/ssl/private/srv05.primenet.cc.key
[b]SSLCACertificateFile /usr/local/apache/conf/ssl.crt/geotrustca.crt[/b]

Restart apache: /etc/rc.d/init.d/httpd stop then start. Safer to shut it down then to start it otherwise SSL may complain in your error logs.

Mooony, you are probably not using a Geotrust cert, that's why it was not requiring the state of authority file. Although that would be strange because even my FreeSSL cert included a state of authority file.

Done! No more untrusted messages. ;)
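
The fix in the post above comes down to moving three files together: the certificate, its private key, and the issuing CA's certificate. As an added example (not part of the thread), these shell functions check that trio on the new server before Apache is restarted; the function names and the throwaway demo CA are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: checks to run on the new server before restarting Apache.
# Function names and the demo CA below are constructed for illustration.

# Succeeds only if KEY is the private key for CERT (same public key).
key_matches_cert() {  # usage: key_matches_cert CERT KEY
  cert_pub=$(openssl x509 -in "$1" -noout -pubkey 2>/dev/null) || return 1
  key_pub=$(openssl pkey -in "$2" -pubout 2>/dev/null) || return 1
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Succeeds only if CA_FILE holds the certificate that signed CERT.
# -partial_chain lets an intermediate (not only a self-signed root) anchor it.
issuer_in_ca_file() {  # usage: issuer_in_ca_file CERT CA_FILE
  openssl verify -partial_chain -CAfile "$2" "$1" >/dev/null 2>&1
}

# Runs both checks and prints what is wrong; returns non-zero on any failure.
check_migrated_cert() {  # usage: check_migrated_cert CERT KEY CA_FILE
  rc=0
  key_matches_cert "$1" "$2" || { echo "key does not match certificate"; rc=1; }
  issuer_in_ca_file "$1" "$3" || { echo "CA file does not contain the issuer"; rc=1; }
  return $rc
}

# Constructed sample input: two throwaway CAs and one site cert signed by "ca".
make_demo_pki() {  # usage: make_demo_pki DIR
  for name in ca other; do
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=Demo $name CA" \
      -keyout "$1/$name.key" -out "$1/$name.crt" >/dev/null 2>&1 || return 1
  done
  openssl req -newkey rsa:2048 -nodes -subj "/CN=www.example.test" \
    -keyout "$1/site.key" -out "$1/site.csr" >/dev/null 2>&1 || return 1
  openssl x509 -req -in "$1/site.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/site.crt" >/dev/null 2>&1
}
```

On a real migration, call `check_migrated_cert` with the copied .crt, .key and CA file; a failure of the second check corresponds to the "issued by a company you have not trusted" symptom when the wrong or no CA file was copied.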
 
ozzi4648

Guest
[quote][i]Originally posted by mooony[/i]

Hi ozzi,

Here is how I did it:

1. Go to WHM and select the ssl section. Then click on Install a SSL Certificate and Setup the Domain.

2. Now paste first the crt and then the key. It will give you an error but don't worry. Ignore it.

Now it will read the crt and key and the info will go auto.

3. Now click on the do it button.

Now it will install it and you are ready to go. There will be no srs but it is not a problem.

I hope this helps you ozzi.

Ronald[/quote]

Nope, how about your state of authority ROOT CERTIFICATE? It needs to be pasted in BUNDLE or you need to create it manually, otherwise how does your cert know the trusted certificate authority?
 
ozzi4648

Guest
[quote][i]Originally posted by ozzi4648[/i]

Found the problem. When you installed your Geotrust cert on your Ensim server you were required to also install the state of authority cert by Geotrust. At least I had to on mine. The state of authority cert was located here on my Ensim server, which I failed to move to my Cpanel server:

/etc/httpd/conf/ssl.crt/geotrustefxca.crt

It's not enough to move just your .crt file and .key file over to cpanel otherwise you will continually get the error msg saying that the company issuing the cert could not be trusted la di da! Just copy the content of the geotrust authority file over to cpanel.

On Cpanel, after you install your valid .crt, .key and .csr file from Ensim create a file called, geotrustca.crt in /etc/httpd/conf/ssl.crt/geotrustca.crt/

Copy your state of authority cert, the cert given to me by Geotrust, into the geotrustca.crt.

In your httpd conf, add the bold line, where indicated:

SSLCertificateFile /usr/share/ssl/certs/srv05.primenet.cc.crt
SSLCertificateKeyFile /usr/share/ssl/private/srv05.primenet.cc.key
[b]SSLCACertificateFile /usr/local/apache/conf/ssl.crt/geotrustca.crt[/b]

Restart apache: /etc/rc.d/init.d/httpd stop then start. Safer to shut it down then to start it otherwise SSL may complain in your error logs.

Mooony, you are probably not using a Geotrust cert, that's why it was not requiring the state of authority file. Although that would be strange because even my FreeSSL cert included a state of authority file.

Done! No more untrusted messages. ;)[/quote]

I take the above back. The above instructions only work with a Geotrust cert and FREESSL chokes. This does not work with FreeSSL. I'm starting to think the FREESSL cert is a piece of you know what.

When I received my e-mail with my certificate I also received a certificate that says:

The ChainedSSL Baltimore Intermediate Certificate:

This is the [u]root certificate[/u] of authority cert that FREESSL claims must be installed on your server in order for it to work.

Here is what their installation instructions say:

[b][u]Both certificates must be installed for the server certificate to work properly. If the root certificate is not installed, you will receive a warning from your browser stating that the server certificate was issued by an untrusted certificate authority.[/u][/b]

Fine! So I paste it in CABUNDLE. That doesn't work. Everyone gets the untrusted authority message. Then I delete the stupid file and create it manually in /usr/share/ssl/certs/ and that doesn't work either. So what gives with these people?
 

mooony

Well-Known Member
Ozzi,

Like I said before I moved my thawte crt to cpanel with no problem.

look at it here: https://www.rem-graphics.it

Ronald
 
ozzi4648

Guest
[quote][i]Originally posted by mooony[/i]

Ozzi,

Like I said before I moved my thawte crt to cpanel with no problem.

look at it here: https://www.rem-graphics.it

Ronald[/quote]

Yes, you may have, as you said it's a Thawte; however, your link does not work. At least it's not a secure connection!!!
 

mooony

Well-Known Member
Ozzi,

There is a link in that page that shows a banner. If you click not to display that link it is secure.

By the way freessl does install using the ssl manager.

Ronald