SSL / HTTPS not working with self-signed certs?

PhilGlau

Active Member
Nov 3, 2010
I've read through some of the other posts regarding these issues, but I can't find the answer given what I'm seeing on my server. I'm new to cPanel/WHM, but not hosting in general.

Okay here's the deal (I've changed the actual names to fake names throughout.)

I've got "srv04.mybox.com" set up as the host for WHM. I can login and administer it as root.

I've got a website installed on a dedicated IP address called "mysite.com".

In WHM, I used "Generate a SSL Certificate and Signing Request" to generate a self-signed SSL cert/csr/key for my subdomain that I want to protect, "protected.mysite.com" (as opposed to just the 'www.mysite.com'.)

Next I used "Install a SSL Certificate and Setup the Domain" to install it. I can navigate to /etc/ssl/certs and see that the crt is there and the key is in the private folder.

In /etc/httpd/conf/httpd.conf I find the correct virtual block for my ip address:

Code:
<VirtualHost 174.---.---.---:443>
    ServerName protected.mysite.com
    ServerAlias www.protected.mysite.com
    DocumentRoot /home/adminname/public_html/clientarea
    ServerAdmin [email protected]
    UseCanonicalName Off
    CustomLog /usr/local/apache/domlogs/protected.mysite.com combined
    CustomLog /usr/local/apache/domlogs/protected.mysite.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
    ## User adminname # Needed for Cpanel::ApacheConf
    <IfModule mod_suphp.c>
        suPHP_UserGroup adminname adminname
    </IfModule>
    <IfModule !mod_disable_suexec.c>
        SuexecUserGroup adminname adminname
    </IfModule>
    ScriptAlias /cgi-bin/ /home/adminname/public_html/clientarea/cgi-bin/
    SSLEngine on

    SSLCertificateFile /etc/ssl/certs/protected.mysite.com.crt
    SSLCertificateKeyFile /etc/ssl/private/protected.mysite.com.key
    CustomLog /usr/local/apache/domlogs/protected.mysite.com-ssl_log combined
    SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
    <Directory "/home/adminname/public_html/clientarea/cgi-bin">
        SSLOptions +StdEnvVars
    </Directory>
</VirtualHost>
Everything looks good ??

That should be it, right? (I repeated the same steps above to self-sign a cert for srv04.mybox.com as well, thinking that perhaps the server needed a certificate separate from the ones used for the access ports (2087, 2083, etc.).)

It doesn't work for me. When I go to 'protected.mysite.com' it doesn't connect. I tried telnetting in to both the server's 443 address as well as the site's 443 address with:

telnet srv04.mybox.com 443
telnet protected.mysite.com 443

and it does not connect.

What am I doing wrong?


Postscript:
/etc/ssl/certs has a bunch of 'old' files even though I only installed the request once.

Code:
-rw-r--r-- 1 root root 1.9K Jan 14 18:32 protected.mysite.com.crt
-rw-r--r-- 1 root root 1.9K Jan 14 18:26 protected.mysite.com.old.1295058553
-rw-r--r-- 1 root root 1.9K Jan 14 18:31 protected.mysite.com.old.1295058726
-rw-r--r-- 1 root root 1.2K Jan 14 18:31 protected.mysite.com.csr
-rw-r--r-- 1 root root 1.2K Jan 14 18:26 protected.mysite.com.csr.old.1295058679
 

PhilGlau

... er... I feel like a dope...

firewall misconfigured..

Opened port 443 and things work as expected.

.. walks away in shame...
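
The check that resolved this thread, as an added example that is not part of the original posts: it probes the TCP layer first (what `telnet host 443` tests) and attempts a TLS handshake only if the port is reachable, so a firewall problem is not mistaken for a certificate or vhost problem. The function names and hint texts are assumptions made for illustration.

```python
import socket
import ssl
import sys


def probe_tcp(host, port, timeout=3.0):
    """Classify the TCP layer only, the same thing `telnet host 443` tests."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # RST: nothing listening, or a firewall REJECT rule
    except socket.timeout:
        return "filtered"     # no reply: packets dropped, typical of a firewall
    except socket.gaierror:
        return "dns-error"    # name does not resolve
    except OSError:
        return "unreachable"  # no route / network down


def probe_tls(host, port, timeout=3.0):
    """Complete a handshake without verifying the chain (self-signed cert)."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be disabled before CERT_NONE
    ctx.verify_mode = ssl.CERT_NONE
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return "handshake ok, " + tls.version()
    except (ssl.SSLError, OSError) as exc:
        return "handshake failed: %s" % exc


def diagnose(host, port=443):
    state = probe_tcp(host, port)
    if state == "open":
        return "%s:%d open; TLS %s" % (host, port, probe_tls(host, port))
    hints = {
        "refused": "check that Apache is running and listening on this IP:port",
        "filtered": "check the firewall rules for this port before the vhost",
        "dns-error": "check the DNS record for the hostname",
        "unreachable": "check routing and the interface the IP is bound to",
    }
    return "%s:%d %s; %s" % (host, port, state, hints[state])


if __name__ == "__main__":
    # Default target is a constructed placeholder; pass the real host as argv[1].
    print(diagnose(sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"))
```

Run it from a machine outside the server's network; a probe from the server itself usually bypasses the firewall rules that apply to inbound traffic.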