The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Moving Ensim cert to a cpanel server

Discussion in 'General Discussion' started by ozzi4648, Jan 9, 2003.

  1. ozzi4648

    ozzi4648 Guest

    Has anyone successfully move their Ensim cert, csr, key from an Ensim server over to their Cpanel server with success?
     
  2. mooony

    mooony Well-Known Member

    Joined:
    Nov 9, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Hi,

    I moved two thawte crt from ensim to cpanel without any problems.

    Create a new crt request that is the same as the one you have on the ensim server. The copy the crt to cpanel and you are done.

    Ronald
     
  3. ozzi4648

    ozzi4648 Guest

    [quote:bbeda2ab3f][i:bbeda2ab3f]Originally posted by mooony[/i:bbeda2ab3f]

    Hi,

    I moved two thawte crt from ensim to cpanel without any problems.

    Create a new crt request that is the same as the one you have on the ensim server. The copy the crt to cpanel and you are done.

    Ronald[/quote:bbeda2ab3f]

    Thats what i thought about doing, thanks! The only difference is the password that Ensim does not ask for but if you got it working i will try it!
     
  4. ozzi4648

    ozzi4648 Guest

    Eeeks, this almost works but not exactly. I simply copied my certs from the Ensim server. Everthing installed properly however i'm getting the error that says: The security certificate was issued by a company you have not trusted la di da. I have tried to say YES trust the stupid thing but its not part of the root authority and it will refuse to install the cert on my end. I have tried this on one two other pc's, windows reports the certificate is not a issued by a trusted company.

    Dont understand this because you should be able to take certs from server to server as long as your running it on the same domain. It is not ip specific.

    Also now i am getting that damn AUTHENTICATION BOX again, on my new server. CPANEL are you listening??? We need this resolved!!!!!!!!!!!!!!!!!!!!!!
     
  5. mooony

    mooony Well-Known Member

    Joined:
    Nov 9, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Hi ozzi,

    At first I got this error as well. I recreated te cert but without inserting the data. I copied the request and the crt in the whm window and created the crt. This time it worked. I have 8 crt in this way without any problems.

    Ronald
     
  6. ozzi4648

    ozzi4648 Guest

    [quote:14697bf0f0][i:14697bf0f0]Originally posted by mooony[/i:14697bf0f0]

    Hi ozzi,

    At first I got this error as well. I recreated te cert but without inserting the data. I copied the request and the crt in the whm window and created the crt. This time it worked. I have 8 crt in this way without any problems.

    Ronald[/quote:14697bf0f0]

    You mean you created the csr in WHM before copying the certificate and the key? Yes but the cPanel CSR requires a userid and password which is not a requried field on Ensim CSR request. I dont know if this even matters.
     
  7. ozzi4648

    ozzi4648 Guest

    [quote:ac2c03aae6][i:ac2c03aae6]Originally posted by mooony[/i:ac2c03aae6]

    Hi ozzi,

    At first I got this error as well. I recreated te cert but without inserting the data. [/quote:ac2c03aae6]

    What do you mean? Which cert are you referring to? Are you talking about the csr?

    [quote:ac2c03aae6]I copied the request and the crt in the whm window and created the crt.[/quote:ac2c03aae6]

    You can only copy the certificate and the key into the window
     
  8. mooony

    mooony Well-Known Member

    Joined:
    Nov 9, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Hi ozzi,

    Here is jow I did it:

    1. Go to WHM and select the ssl section. The clink on Install a SSL Certificate and Setup the Domain.

    2. Now past first the crt and then the key. It will give you a error but don't worry. Ignore it .

    Now it will read the the crt and key and the info will go auto.

    3. Now click on the do it button.

    Now the it will install it and you are ready to go. There will be no srs but it is not a problem.

    I hope this helps you ozzi.

    Ronald
     
  9. ozzi4648

    ozzi4648 Guest

    Found the problem. When you installed your Geotrust cert on your Ensim server you were required to also install the state of authority cert by Geotrust. At least i had to on mine. The state of authority cert was located here on my Ensim server, which i failed to move to my Cpanel server:

    /etc/httpd/conf/ssl.crt/geotrustefxca.crt

    It's not enough to move just your .crt file and .key file over to cpanel otherwise you will continually get the error msg saying that the company issuing the cert could not be trusted la di da! Just copy the content of the geotrust authority file over to cpanel.

    On Cpanel, after you install your valid .crt, .key and .csr file from Ensim create a file called, geotrustca.crt in /etc/httpd/conf/ssl.crt/geotrustca.crt/

    Copy your state of authority cert, the cert given to me by Geotrust, into the geotrustca.crt.

    In your httpd conf, add the bold line, where indicated:

    SSLCertificateFile /usr/share/ssl/certs/srv05.primenet.cc.crt
    SSLCertificateKeyFile /usr/share/ssl/private/srv05.primenet.cc.key
    [b:a0052e0fc5]SSLCACertificateFile /usr/local/apache/conf/ssl.crt/geotrustca.crt[/b:a0052e0fc5]

    Restart apache: /etc/rc.d/init.d/httpd stop then start. Safer to shut it down then to start it otherwise SSL may complain in your error logs.

    Mooony, you are probably not using a Geotrust cert thats why it was not requiring the state of authority file. Although that would be strange because even my FreeSSL cert included a state of authority file.

    Done! No more untrusted messages. ;)
     
  10. ozzi4648

    ozzi4648 Guest

    [quote:1bccbaf27e][i:1bccbaf27e]Originally posted by mooony[/i:1bccbaf27e]

    Hi ozzi,

    Here is jow I did it:

    1. Go to WHM and select the ssl section. The clink on Install a SSL Certificate and Setup the Domain.

    2. Now past first the crt and then the key. It will give you a error but don't worry. Ignore it .

    Now it will read the the crt and key and the info will go auto.

    3. Now click on the do it button.

    Now the it will install it and you are ready to go. There will be no srs but it is not a problem.

    I hope this helps you ozzi.

    Ronald[/quote:1bccbaf27e]

    Nope, howabout your state of authroity ROOT CERTIFICATE? It needs to be pasted in BUNDLE or you need to create it manually otherwise how does your cert know the trusted certificate authority?
     
  11. ozzi4648

    ozzi4648 Guest

    [quote:5eeba6b4b9][i:5eeba6b4b9]Originally posted by ozzi4648[/i:5eeba6b4b9]

    Found the problem. When you installed your Geotrust cert on your Ensim server you were required to also install the state of authority cert by Geotrust. At least i had to on mine. The state of authority cert was located here on my Ensim server, which i failed to move to my Cpanel server:

    /etc/httpd/conf/ssl.crt/geotrustefxca.crt

    It's not enough to move just your .crt file and .key file over to cpanel otherwise you will continually get the error msg saying that the company issuing the cert could not be trusted la di da! Just copy the content of the geotrust authority file over to cpanel.

    On Cpanel, after you install your valid .crt, .key and .csr file from Ensim create a file called, geotrustca.crt in /etc/httpd/conf/ssl.crt/geotrustca.crt/

    Copy your state of authority cert, the cert given to me by Geotrust, into the geotrustca.crt.

    In your httpd conf, add the bold line, where indicated:

    SSLCertificateFile /usr/share/ssl/certs/srv05.primenet.cc.crt
    SSLCertificateKeyFile /usr/share/ssl/private/srv05.primenet.cc.key
    [b:5eeba6b4b9]SSLCACertificateFile /usr/local/apache/conf/ssl.crt/geotrustca.crt[/b:5eeba6b4b9]

    Restart apache: /etc/rc.d/init.d/httpd stop then start. Safer to shut it down then to start it otherwise SSL may complain in your error logs.

    Mooony, you are probably not using a Geotrust cert thats why it was not requiring the state of authority file. Although that would be strange because even my FreeSSL cert included a state of authority file.

    Done! No more untrusted messages. ;) [/quote:5eeba6b4b9]

    I take the above back. The above instructions only work with a Geotrust cert and FREESSL chokes. This does not work with FreeSSL. I'm starting to think the FREESSL cert is a piece of you know what.

    When i received my e-mail with my certificate i also received a certificate that says:

    The ChainedSSL Baltimore Intermediate Certificate:

    -----BEGIN CERTIFICATE-----
    MIIDXTCCAsagAwIBAgIEAgACpTANBgkqhkiG9w0BAQUFADBFMQswCQYDVQQGEwJV
    UzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUgQ3liZXJU
    cnVzdCBSb290MB4XDTAyMDkxMzIwMzUwMFoXDTA0MDkxMzIzNTkwMFowODELMAkG
    A1UEBhMCVVMxEDAOBgNVBAoTB0ZyZWVTU0wxFzAVBgNVBAMTDkNoYWluZWQgU1NM
    IENBMIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCcKimaySV+/SkI6jHsIXje
    kY+EaCiivXzwOpWyN14zedLftE+efF7iPi5RPQ/LsUpKej/FNuaDzIqCHkZSt88i
    4GYseoi99n8yf1XGYnTlbTA9bw4kB1ocL/OECJ1e5ebkhbFNIuE/43OauADO+gy4
    vi1qi6SbySrQAcB8Ke7gGwIDAQABo4IBZTCCAWEwRQYDVR0fBD4wPDA6oDigNoY0
    aHR0cDovL3d3dy5wdWJsaWMtdHJ1c3QuY29tL2NnaS1iaW4vQ1JMLzIwMDYvY2Rw
    LmNybDAdBgNVHQ4EFgQURRk6Zp0Sogfh7Ywst7xZTRRx2ScwVAYDVR0gBE0wSzBJ
    BgoqhkiG+GMBAgEFMDswOQYIKwYBBQUHAgEWLWh0dHA6Ly93d3cucHVibGljLXRy
    dXN0LmNvbS9DUFMvT21uaVJvb3QuaHRtbDBYBgNVHSMEUTBPoUmkRzBFMQswCQYD
    VQQGEwJVUzEYMBYGA1UEChMPR1RFIENvcnBvcmF0aW9uMRwwGgYDVQQDExNHVEUg
    Q3liZXJUcnVzdCBSb290ggIBozArBgNVHRAEJDAigA8yMDAyMDkxMzIwMzUwMFqB
    DzIwMDQwOTEzMjM1OTAwWjAOBgNVHQ8BAf8EBAMCAYYwDAYDVR0TBAUwAwEB/zAN
    BgkqhkiG9w0BAQUFAAOBgQA0LbQTVPkAXWZCHs3FWJuovfsLH73AD6KTYbe71eds
    /bOVGgz4quF2Qw2BMU/Sb7Tbwsl/HxuttsRP2c/1UV9+Rw4bTEDzE5ZZFpqUnCCL
    F4ojLa7COOWqsIpMb8izHyZInIE+2Nb3wAa/O6wgLth7XYOyYHWd+C0UOaUPAZda
    ZQ==
    -----END CERTIFICATE-----

    This is the [u:5eeba6b4b9]root certificate[/u:5eeba6b4b9] of authority cert that FREESSL claims must be installed on your server in order for it to work.

    Here is what their installation instructions say:

    [b:5eeba6b4b9][u:5eeba6b4b9]Both certificates must be installed for the server certificate to work properly. If the root certificate is not installed, you will receive a warning from your browser stating that the server certificate was issued by an untrusted certificate authority.[/u:5eeba6b4b9][/b:5eeba6b4b9]

    Fine! So i paste it in CABUNDLE. That doesnt work. Everyone gets the untrusted authority message. Then i delete the stupid file and create it manually in /usr/share/ssl/certs/ and that doesnt work either. So what gives with these people?
     
  12. mooony

    mooony Well-Known Member

    Joined:
    Nov 9, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Ozzi,

    Like I said before I moved my thawte crt to cpanel with no problem.

    look at it here: https://www.rem-graphics.it

    Ronald
     
  13. ozzi4648

    ozzi4648 Guest

    [quote:90cf8871e3][i:90cf8871e3]Originally posted by mooony[/i:90cf8871e3]

    Ozzi,

    Like I said before I moved my thawte crt to cpanel with no problem.

    look at it here: https://www.rem-graphics.it

    Ronald[/quote:90cf8871e3]

    Yes you may have as you said its a Thawte however your link does not work. At least its not a secure connection!!!
     
  14. mooony

    mooony Well-Known Member

    Joined:
    Nov 9, 2002
    Messages:
    82
    Likes Received:
    0
    Trophy Points:
    6
    Ozzi,

    There is link in that page that shows a banner, If you click not to display that link it is secure.

    By the way freessl does install using the ssl manager.

    Ronald
     
Loading...

Share This Page