SSL Certs

[WildWayz]

Hi ya

I am having a problem with my SSL cert.

I went into Install an &SSL Certificate and Setup the Domain& with the key that Thawte gave me, pasted it into the first box. Entered the domain it is for, username and IP.
I then clicked on Do It and it said the key was intact and HTTP restarted OK.

When I go to
https://secure.insomnia-webhosting.com
it is a Page not found error.

Any ideas?

James

 

[moronhead]

Was the cert bought for secure.insomnia-webhosting.com or just insomnia-webhosting.com? Which files can you see in /usr/share/ssl/certs/? Check the *.crt, *.key and *.csr files.

Are you restarting apache with the sslstart option?

 

[WildWayz]

Hi moronhead,

Thanks for the post.

The cert was bought for secure.insomnia-webhosting.com. In /usr/share/ssl/certs it has the correct files in there same with /usr/share/ssl/private

As for apache, I am doing it via

/etc/rc.d/init.d/httpd stop
then
/etc/rc.d/init.d/httpd start

if I try
/usr/local/apache/bin/apachectl startssl
it says something like
Unknown commad SSLVerify
(or something like that)

Have you got the exact steps you use to make it?
Do you create the domain first, say secure.insomnia-webhosting.com then carry out the rest? What process do you use for your THAWTE cert?

James

 

[fbsd4me]

I’m having nothing but problems as well. Every time I install an SSL certificate, (just using fake ones for now), they keep messing up the Apache config file, and in some cases, will crash Apache on restart altogether.

I’ve been at this for 2-days, and for the life of me, cannot figure out what in God’s name has gone wacko with this system. Run /usr/sbin/httpd configtest and this is what you get:

Warning: DocumentRoot [1/public_html] does not exist
Syntax error on line 1203 of /usr/local/apache/conf/httpd.conf:
Invalid command 'SSLVerifyClient', perhaps mis-spelled or defined by a module not included in the server configuration.

Well, Apache is right. 1/public_html “does not” exist, and why WHM is creating it is beyond me. You can try and comment it out, but then it causes another bunch of errors. I’m so sick of this…

All I want to do is install is simple SSL cert, and I’m plagued with nothing but problems. However, SSL will work to some degree. It also flakes out at random, so I don’t believe the above config is helping at all.

Does anyone know how to totally avoid the WHM method, and do this manually? I’d certainly be willing to entertain that right now.

WildWayz, can you try /usr/sbin/httpd configtest and see if you recieve errors as well?

Thanks

 

[WildWayz]

I get the same error as you
Invalid command 'SSLVerifyClient', perhaps mis-spelled or defined by a module not included in the server configuration.
or
Invalid command 'SSLVerify', perhaps mis-spelled or defined by a module not included in the server configuration.

James

 

[fbsd4me]

Thanks man.

Obviously something’s been messed up in the SSL install. There’s probably something we can delete to get it working properly for now, but I don’t know what that is. If you comment out 1/public_html, it starts complaining about the next line, which is SSLEnable. If you remove that, it just creates additional errors.

Again, SSL may work to some degree in this state, but at some unlucky point, those config test errors will stop Apache from restarting, and then you have a real headache on your hands, as it wipes out access to WHM as well.

I had that happen a couple of nights ago. It was totally confusing, as I could not figure out why (for no reason at all) Apache just locked up, and WHM was gone. When I ran the config, I found those errors. Anyway, I wouldn’t trust running it until those errors are corrected.

Suggestions anyone? :p

 

[WildWayz]

It's always been like this.
Back in November/ December, I bought ModernBill and the secure certificate (Thawte) - had problems installing it there too. Can't remember what I did to fix it - one minute it wasn't working - went to bed and it was working in the morning!

Weird!

James

 

[Juanra]

[quote:646e1016d5][i:646e1016d5]Originally posted by WildWayz[/i:646e1016d5]
Have you got the exact steps you use to make it?
Do you create the domain first, say secure.insomnia-webhosting.com then carry out the rest? What process do you use for your THAWTE cert?[/quote:646e1016d5]

This is what I did to install my Thawte cert (couldn't do it from WHM):

1.- Save cert and key in the server (with the correct permissions: 0400 root.root).

2.- Create the subdomain from CPanel. That will add a VirtualHost section in httpd.conf, for example:

&VirtualHost xx.yy.zzz.ttt&
ServerName secure.example.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/example.com-bytes_log
CustomLog domlogs/example.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
&/VirtualHost&

3.- Add another similar block for accessing through SSL:

&IfDefine SSL&
&VirtualHost xx.yy.zzz.ttt:443&
ServerName secure.example.com
ServerAdmin [email protected]
DocumentRoot /home/username/public_html
BytesLog domlogs/example.com-bytes_log
CustomLog domlogs/example.com combined
ScriptAlias /cgi-bin/ /home/username/public_html/cgi-bin/
SSLEngine On
SSLCertificateFile /path/to/secure.example.com.crt
SSLCertificateKeyFile /path/to/secure.example.com.key
SetEnvIf User-Agent &.*MSIE.*& nokeepalive ssl-unclean-shutdown
&/VirtualHost&
&/IfDefine&

4.- Restart Apache

 

[fbsd4me]

Hey thanks Juanra.

I'm going to give that a try!