The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL / HTTPS not working with self-signed certs?

Discussion in 'General Discussion' started by PhilGlau, Jan 14, 2011.

  1. PhilGlau

    PhilGlau Active Member

    Joined:
    Nov 3, 2010
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    I've read through some of the other post regarding these issues, but I can't find the answer given what I'm seeing on my server. I'm new to cPanel/WHM, but not hosting in general.

    Okay here's the deal (I've changed the actual names to fake names throughout.)

    I've got "srv04.mybox.com" set up as the host for WHM. I can login and administer it as root.

    I've got a website installed on a dedicated IP address called "mysite.com".

    In WHM, I used "Generate a SSL Certificate and Signing Request" to generate a self-signed SSL cert/csr/key for my subdomin that I want to protect, "protected.mysite.com" (as opposed to just the 'www.mysite.com'.)

    Next I used "Install a SSL Certificate and Setup the Domain" to install it. I can navigate to /etc/ssl/certs and see that the crt is there and the key is in the private folder.

    In /etc/httpd/conf/httpd.conf I find the correct virtual block for my ip address:

    Code:
    <VirtualHost 174.---.---.---:443>
        ServerName protected.mysite.com
        ServerAlias www.protected.mysite.com
        DocumentRoot /home/adminname/public_html/clientarea
        ServerAdmin webmaster@protected.mysite.com
        UseCanonicalName Off
        CustomLog /usr/local/apache/domlogs/protected.mysite.com combined
        CustomLog /usr/local/apache/domlogs/protected.mysite.com-bytes_log "%{%s}t %I .\n%{%s}t %O ."
        ## User adminname # Needed for Cpanel::ApacheConf
        <IfModule mod_suphp.c>
            suPHP_UserGroup adminname adminname
        </IfModule>
        <IfModule !mod_disable_suexec.c>
            SuexecUserGroup adminname adminname
        </IfModule>
        ScriptAlias /cgi-bin/ /home/adminname/public_html/clientarea/cgi-bin/
        SSLEngine on
    
        SSLCertificateFile /etc/ssl/certs/protected.mysite.com.crt
        SSLCertificateKeyFile /etc/ssl/private/protected.mysite.com.key
        CustomLog /usr/local/apache/domlogs/protected.mysite.com-ssl_log combined
        SetEnvIf User-Agent ".*MSIE.*" nokeepalive ssl-unclean-shutdown
          <Directory "/home/adminname/public_html/clientarea/cgi-bin">
            SSLOptions +StdEnvVars
        </Directory>
    
    
    </VirtualHost>
    Everything looks good ??

    That should be it right? (I repeated the same steps above to self-sign a cert for srv04.mybox.com as well, thinking that perhaps the server needed certificate seperate from the ones used the access ports (2087, 2083,etc)

    It doesn't work for me. When I go to 'protected.mysite.com' it doesn't connect. I tried telneting in to both the server's 443 address as well as the sites 443 address with:

    telnet srv04.mybox.com 443
    telnet protected.mysite.com 443

    and it does not connect.

    What am I doing wrong?


    Postscript:
    /etc/ssl/certs has a bunch of 'old' files even though I only installed the request once.

    Code:
    -rw-r--r-- 1 root root 1.9K Jan 14 18:32 protected.mysite.com.crt
    -rw-r--r-- 1 root root 1.9K Jan 14 18:26 protected.mysite.com.old.1295058553
    -rw-r--r-- 1 root root 1.9K Jan 14 18:31 protected.mysite.com.old.1295058726
    -rw-r--r-- 1 root root 1.2K Jan 14 18:31 protected.mysite.com.csr
    -rw-r--r-- 1 root root 1.2K Jan 14 18:26 protected.mysite.com.csr.old.1295058679
    
     
  2. PhilGlau

    PhilGlau Active Member

    Joined:
    Nov 3, 2010
    Messages:
    27
    Likes Received:
    0
    Trophy Points:
    1
    ... er... I feel like a dope...

    firewall misconfigured..

    Opened port 443 and things work as expected.

    .. walks away in shame...
     
Loading...

Share This Page