The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Certs

Discussion in 'General Discussion' started by WildWayz, May 15, 2002.

  1. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    Hi ya

    I am having a problem with my SSL cert.

    I went into Install an &SSL Certificate and Setup the Domain& with the key that Thawte gave me, pasted it into the first box. Entered the domain it is for, username and IP.
    I then clicked on Do It and it said the key was intact and HTTP restarted OK.

    When I go to
    https://secure.insomnia-webhosting.com
    it is a Page not found error.

    Any ideas?

    James
     
  2. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    Was the cert bought for secure.insomnia-webhosting.com or just insomnia-webhosting.com? Which files can you see in /usr/share/ssl/certs/? Check the *.crt, *.key and *.csr files.

    Are you restarting apache with the sslstart option?
     
  3. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    Hi moronhead,

    Thanks for the post.

    The cert was bought for secure.insomnia-webhosting.com. In /usr/share/ssl/certs it has the correct files in there same with /usr/share/ssl/private

    As for apache, I am doing it via

    /etc/rc.d/init.d/httpd stop
    then
    /etc/rc.d/init.d/httpd start

    if I try
    /usr/local/apache/bin/apachectl startssl
    it says something like
    Unknown commad SSLVerify
    (or something like that)

    Have you got the exact steps you use to make it?
    Do you create the domain first, say secure.insomnia-webhosting.com then carry out the rest? What process do you use for your THAWTE cert?

    James
     
  4. fbsd4me

    fbsd4me Registered

    Joined:
    Apr 10, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    I’m having nothing but problems as well. Every time I install an SSL certificate, (just using fake ones for now), they keep messing up the Apache config file, and in some cases, will crash Apache on restart altogether.

    I’ve been at this for 2-days, and for the life of me, cannot figure out what in God’s name has gone wacko with this system. Run /usr/sbin/httpd configtest and this is what you get:

    Warning: DocumentRoot [1/public_html] does not exist
    Syntax error on line 1203 of /usr/local/apache/conf/httpd.conf:
    Invalid command 'SSLVerifyClient', perhaps mis-spelled or defined by a module not included in the server configuration.

    Well, Apache is right. 1/public_html “does not” exist, and why WHM is creating it is beyond me. You can try and comment it out, but then it causes another bunch of errors. I’m so sick of this…

    All I want to do is install is simple SSL cert, and I’m plagued with nothing but problems. However, SSL will work to some degree. It also flakes out at random, so I don’t believe the above config is helping at all.

    Does anyone know how to totally avoid the WHM method, and do this manually? I’d certainly be willing to entertain that right now.

    WildWayz, can you try /usr/sbin/httpd configtest and see if you recieve errors as well?

    Thanks
     
  5. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    I get the same error as you
    Invalid command 'SSLVerifyClient', perhaps mis-spelled or defined by a module not included in the server configuration.
    or
    Invalid command 'SSLVerify', perhaps mis-spelled or defined by a module not included in the server configuration.

    James
     
  6. fbsd4me

    fbsd4me Registered

    Joined:
    Apr 10, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Thanks man.

    Obviously something’s been messed up in the SSL install. There’s probably something we can delete to get it working properly for now, but I don’t know what that is. If you comment out 1/public_html, it starts complaining about the next line, which is SSLEnable. If you remove that, it just creates additional errors.

    Again, SSL may work to some degree in this state, but at some unlucky point, those config test errors will stop Apache from restarting, and then you have a real headache on your hands, as it wipes out access to WHM as well.

    I had that happen a couple of nights ago. It was totally confusing, as I could not figure out why (for no reason at all) Apache just locked up, and WHM was gone. When I ran the config, I found those errors. Anyway, I wouldn’t trust running it until those errors are corrected.

    Suggestions anyone? :p
     
  7. WildWayz

    WildWayz Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    209
    Likes Received:
    0
    Trophy Points:
    16
    It's always been like this.
    Back in November/ December, I bought ModernBill and the secure certificate (Thawte) - had problems installing it there too. Can't remember what I did to fix it - one minute it wasn't working - went to bed and it was working in the morning!

    Weird!

    James
     
  8. Juanra

    Juanra Well-Known Member

    Joined:
    Sep 22, 2001
    Messages:
    777
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Spain
    [quote:646e1016d5][i:646e1016d5]Originally posted by WildWayz[/i:646e1016d5]
    Have you got the exact steps you use to make it?
    Do you create the domain first, say secure.insomnia-webhosting.com then carry out the rest? What process do you use for your THAWTE cert?[/quote:646e1016d5]

    This is what I did to install my Thawte cert (couldn't do it from WHM):

    1.- Save cert and key in the server (with the correct permissions: 0400 root.root).

    2.- Create the subdomain from CPanel. That will add a VirtualHost section in httpd.conf, for example:

    &VirtualHost xx.yy.zzz.ttt&
    ServerName secure.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /home/username/public_html
    BytesLog domlogs/example.com-bytes_log
    CustomLog domlogs/example.com combined
    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
    &/VirtualHost&

    3.- Add another similar block for accessing through SSL:

    &IfDefine SSL&
    &VirtualHost xx.yy.zzz.ttt:443&
    ServerName secure.example.com
    ServerAdmin webmaster@example.com
    DocumentRoot /home/username/public_html
    BytesLog domlogs/example.com-bytes_log
    CustomLog domlogs/example.com combined
    ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
    SSLEngine On
    SSLCertificateFile /path/to/secure.example.com.crt
    SSLCertificateKeyFile /path/to/secure.example.com.key
    SetEnvIf User-Agent &.*MSIE.*& nokeepalive ssl-unclean-shutdown
    &/VirtualHost&
    &/IfDefine&

    4.- Restart Apache
     
  9. fbsd4me

    fbsd4me Registered

    Joined:
    Apr 10, 2002
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Hey thanks Juanra.

    I'm going to give that a try! :)
     
Loading...

Share This Page