
SSL cert problems

Discussion in 'General Discussion' started by erinspice, Feb 7, 2007.

  1. erinspice

    erinspice Well-Known Member

    When you go to my website using https, you get a popup that says "certificate authority might be unknown, certificate might be expired, server configuration might be incorrect." The website shows up correctly if you choose to accept the cert though. My cert was installed through WHM, and WHM said it works. Through cPanel under SSL manager, my CSR, key, and crt all have the same modulus, and my crt doesn't expire until Jan 12 19:59:47 2008 GMT.

    Do you know what the problem could be? Server config looks like this:

    Code:
    <IfDefine SSL>
    <VirtualHost 11.22.33.44:443>
    ServerAdmin webmaster@domain.net
    DocumentRoot /home/username/public_html
    BytesLog domlogs/domain.net-bytes_log
    User username
    Group username
    ServerName domain.net
    UserDir public_html
    
    User username
    Group username
    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
    
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
    SSLCertificateKeyFile /usr/share/ssl/private/domain.net.key
    SSLLogFile /usr/local/apache/domlogs/domain.net-ssl_data_log
    CustomLog /usr/local/apache/domlogs/domain.net-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    </VirtualHost>
    </IfDefine>
     
  2. partsace

    partsace Active Member

    SSL Problems

    Where did you get your cert from? Most of the time, the bottom box will need a bundle.crt to be installed for most browsers to know who issued it.

    Scott
     
  3. erinspice

    erinspice Well-Known Member

    Yeah, I had a cabundle.
     
  4. Nic

    Nic Member

    SSLCertificateFile /usr/share/ssl/certs/domain.net.crt
    SSLCertificateKeyFile /usr/share/ssl/private/domain.net.key

    Where is ca-bundle?
    You should try to install it manually via shell.
     
  5. Arcie

    Arcie Member

    OK, How?

    I'm having the exact same problem. I'd be happy to add a reference to the ca-bundle, which I have confirmed does exist in /usr/share/ssl/certs/, but how -- exactly -- do I add a reference to it in httpd.conf?

    And to confuse things even more, my secure site's VirtualHost entry doesn't reference the certs at all -- and I know they're there (and work -- with that annoying error to the user):

    Code:
    ServerAlias www.secure.my-domain.com secure.my-domain.com
    ServerAdmin webmaster@secure.my-domain.com
    DocumentRoot /home/secure/public_html
    ServerName www.secure.my-domain.com
    User secure
    Group secure
    CustomLog domlogs/secure.my-domain.com combined
    ScriptAlias /cgi-bin/ /home/secure/public_html/cgi-bin/

    You'd think this would be a common enough problem that the Code Warriors would fix this -- I searched and found a lot of problems posted, but no actual solutions have been offered....

    *sigh* :confused:
     
  6. Arcie

    Arcie Member

    How I fixed my chained SSL bundle problem

    First, the quick answer to my own question:

    Code:
    SSLEnable
    SSLCertificateFile /usr/share/ssl/certs/secure.my-domain.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/secure.my-domain.com.key
    SSLCACertificateFile /usr/share/ssl/certs/secure.my-domain.com.cabundle

    OK, so how did I figure this out, AND solve the bundle problem (browsers were showing warnings) with my GoDaddy cert?

    I *removed* the cert from my server completely (which caused all requests to the site to fail, but such is life for a little while), and then reinstalled it from scratch. Loading the new cert on top of the old one simply didn't work -- tried that many times. But wiping out the cert in WHM and then installing it again worked fine. Whew! Hope that helps others.
     
  7. kipper3d

    kipper3d Well-Known Member

    You must create CSR and install SSL certificates in shell.

    SSL has not worked in cPanel or WHM for as long as I can remember. I don't know why the heck they can't fix this!!!

    CPANEL FIX THE SSL ISSUES FOR ONCE!
     
  8. Arcie

    Arcie Member

    I have not had an issue with that. I created my CSRs and installed the certs via WHM, with only the problem discussed and the solution I posted.
     
  9. bmcpanel

    bmcpanel Well-Known Member

    Also, remember if you are using a GoDaddy chained ssl (TurboSSL), you must reference the bundle that comes with the cert.

    1. Insert the bundle file somewhere on your server. You can place it wherever you wish. I place mine in.....

    /usr/share/ssl/certs/gd_bundle.crt

    2. Open the Apache httpd.conf file and add the following directives:

    * SSLCertificateFile /path to certificate file/your issued certificate
    * SSLCertificateKeyFile /path to key file/your key file
    >>* SSLCertificateChainFile /usr/share/ssl/certs/gd_bundle.crt

    Make sure the SSLCertificateChainFile correctly points to the path of the gd_bundle.crt file

    3. Restart httpd

    Voila!
     
    #9 bmcpanel, Mar 18, 2007
    Last edited: Mar 18, 2007
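
Added example (not from any poster in this thread): the modulus comparison from the first post only proves that the key and certificate belong together; the browser warning comes from a client that trusts the root but cannot link the site certificate to it without the intermediate bundle. The script builds a constructed root, intermediate and leaf with placeholder names and runs both checks offline.

```shell
#!/usr/bin/env bash
# Added example. Constructed throwaway PKI: root -> intermediate -> leaf.
# File names and subjects are placeholders, not values from the thread.

# make_demo_pki DIR: create root.crt, inter.crt, leaf.crt and their keys in DIR
make_demo_pki() {
  local d=$1 n
  printf 'basicConstraints=critical,CA:TRUE\nkeyUsage=critical,keyCertSign\n' > "$d/ca.ext"
  for n in root inter leaf; do
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=demo-$n" \
      -keyout "$d/$n.key" -out "$d/$n.csr" || return 1
  done
  # Self-signed root, then an intermediate CA signed by the root
  openssl x509 -req -in "$d/root.csr" -signkey "$d/root.key" -days 2 \
    -extfile "$d/ca.ext" -out "$d/root.crt" || return 1
  openssl x509 -req -in "$d/inter.csr" -CA "$d/root.crt" -CAkey "$d/root.key" \
    -CAcreateserial -days 2 -extfile "$d/ca.ext" -out "$d/inter.crt" || return 1
  # Site certificate signed by the intermediate, as with a chained cert
  openssl x509 -req -in "$d/leaf.csr" -CA "$d/inter.crt" -CAkey "$d/inter.key" \
    -CAcreateserial -days 2 -out "$d/leaf.crt"
} >/dev/null 2>&1

# key_matches_cert KEY CRT: same modulus means the key belongs to the cert.
# It says nothing about whether a client can find the issuer.
key_matches_cert() {
  [ "$(openssl rsa -noout -modulus -in "$1" 2>/dev/null)" = \
    "$(openssl x509 -noout -modulus -in "$2" 2>/dev/null)" ]
}

# chain_ok ROOT LEAF [BUNDLE]: can a client trusting only ROOT build a path
# to LEAF, optionally helped by the intermediates in BUNDLE?
chain_ok() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

d=$(mktemp -d) && make_demo_pki "$d"
key_matches_cert "$d/leaf.key" "$d/leaf.crt" && echo "key and certificate match"
chain_ok "$d/root.crt" "$d/leaf.crt" || echo "leaf alone: issuer unknown to the client"
chain_ok "$d/root.crt" "$d/leaf.crt" "$d/inter.crt" && echo "leaf + bundle: chain verifies"
```

Against a running site, `openssl s_client -connect host:443 -showcerts` lists the certificates the server actually sends, which shows whether the bundle directive took effect after the restart.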