Please whitelist cPanel in your adblocker so that you’re able to see our version release promotions, thanks!

The Community Forums

Interact with an entire community of cPanel & WHM users!

SSL / HTTPS not working with self-signed certs?

Discussion in 'General Discussion' started by PhilGlau, Jan 14, 2011.

  1. PhilGlau

    PhilGlau Active Member

    Joined:
    Nov 3, 2010
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    51
    I've read through some of the other post regarding these issues, but I can't find the answer given what I'm seeing on my server. I'm new to cPanel/WHM, but not hosting in general.

    Okay here's the deal (I've changed the actual names to fake names throughout.)

    I've got "srv04.mybox.com" set up as the host for WHM. I can login and administer it as root.

    I've got a website installed on a dedicated IP address called "mysite.com".

    In WHM, I used "Generate a SSL Certificate and Signing Request" to generate a self-signed SSL cert/csr/key for my subdomin that I want to protect, "protected.mysite.com" (as opposed to just the 'www.mysite.com'.)

    Next I used "Install a SSL Certificate and Setup the Domain" to install it. I can navigate to /etc/ssl/certs and see that the crt is there and the key is in the private folder.

    In /etc/httpd/conf/httpd.conf I find the correct virtual block for my ip address:

    Code:
    <VirtualHost 174.---.---.---:443>
        ServerName protected.mysite.com
        ServerAlias www.protected.mysite.com
        DocumentRoot /home/adminname/public_html/clientarea
        ServerAdmin webmaster@protected.mysite.com
        UseCanonicalName Off
        CustomLog /usr/local/apache/domlogs/protected.mysite.com combined
        CustomLog /usr/local/apache/domlogs/protected.mysite.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
        ## User adminname # Needed for Cpanel::ApacheConf
        <IfModule mod_suphp.c>
            suPHP_UserGroup adminname adminname
        </IfModule>
        <IfModule !mod_disable_suexec.c>
            SuexecUserGroup adminname adminname
        </IfModule>
        ScriptAlias /cgi-bin/ /home/adminname/public_html/clientarea/cgi-bin/
        SSLEngine on
    
        SSLCertificateFile /etc/ssl/certs/protected.mysite.com.crt
        SSLCertificateKeyFile /etc/ssl/private/protected.mysite.com.key
        CustomLog /usr/local/apache/domlogs/protected.mysite.com-ssl_log combined
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
          <Directory "/home/adminname/public_html/clientarea/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    
    
    </VirtualHost>
    Everything looks good ??

    That should be it right? (I repeated the same steps above to self-sign a cert for srv04.mybox.com as well, thinking that perhaps the server needed certificate seperate from the ones used the access ports (2087, 2083,etc)

    It doesn't work for me. When I go to 'protected.mysite.com' it doesn't connect. I tried telneting in to both the server's 443 address as well as the sites 443 address with:

    telnet srv04.mybox.com 443
    telnet protected.mysite.com 443

    and it does not connect.

    What am I doing wrong?


    Postscript:
    /etc/ssl/certs has a bunch of 'old' files even though I only installed the request once.

    Code:
    -rw-r--r-- 1 root root 1.9K Jan 14 18:32 protected.mysite.com.crt
    -rw-r--r-- 1 root root 1.9K Jan 14 18:26 protected.mysite.com.old.1295058553
    -rw-r--r-- 1 root root 1.9K Jan 14 18:31 protected.mysite.com.old.1295058726
    -rw-r--r-- 1 root root 1.2K Jan 14 18:31 protected.mysite.com.csr
    -rw-r--r-- 1 root root 1.2K Jan 14 18:26 protected.mysite.com.csr.old.1295058679
    
     
  2. PhilGlau

    PhilGlau Active Member

    Joined:
    Nov 3, 2010
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    51
    ... er... I feel like a dope...

    firewall misconfigured..

    Opened port 443 and things work as expected.

    .. walks away in shame...
     
Loading...

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice