The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Installation - A Mini HowTo

Discussion in 'General Discussion' started by Joseph, Apr 2, 2005.

  1. Joseph

    Joseph Member

    Joined:
    Apr 28, 2003
    Messages:
    20
    Likes Received:
    0
    Trophy Points:
    1
    Location:
    Ontario, Canada
    For many of you, I imagine this post will be useless. For some of you though - I'm hoping it saves some time (it would have been nice to have someone save this time for me :) )

    Anyway - this is pertaining to the purchase and installation of certificates - in this example it's an InstantSSL certificate from Comodo Security Services on behalf of AltaireSSL.

    1. Setup a dedicated IP address
    To do things properly, the domain that is using the certificate must be on a unique IP. Yes, you *can* set it up on a shared IP, but it's not a good idea, as you'll encounter big problems when you try to add your next secure site. Put it on a dedicate IP - save yourself the headache.

    2. Deceide on the domain name
    This step is important, and is often over looked. Ask yourself what address you want to use when accessing your secure certificate - would you rather they go to https://www.mydomain.com, https://domain.com or something like https://secure.domain.com or https://store.domain.com - be sure you know what you want before you continue. If you're using one of the latter two - setup the subdomain before continuing past this step.

    3. Purchase the certificate
    From WHM, near the bottom, under SSL/TLS - select "Purchase & Install SSL Certificate" - Go through the steps of filling out the details, and placing the order (this is a fairly linear, self-explanatory process, so I won't outline it). Be sure to use the domain name you selected in step 2. When defining the email address they should be using - use your own address (rather than your customer's/client's - it will simplify the process). Once you place the purchase you'll get an email indicating that you need to fax/email/mail some info to the certificate company - this is so they can confirm that you are who you say you are. Fax that information and wait for them to get back to you.

    4. Wait
    I've had this process take anywhere from 24 hours to 3 weeks. Yes it is annoying, but feel free to call up the company to see what's taking so long. Once they issue the certificate, you'll get an email with a zip file in it. Pay close attention to it - this is important to hold onto.

    5. Install & Setup the Certificate
    This is where most of the people I work with have difficulties - so be very careful. From WHM, under SSL/TLS select "Install an SSL Certificate and Setup the Domain" - if you have folowed my process as above, the .crt file and .key file will already be on the server. So, under domain - enter the domain name you selected in step 2, and used in step 3. Enter the username and the IP address you setup for that account (see step 1). Then click both Fetch buttons. The first Fetch button will grab the CRT file, the second will grab the KEY file. Note - although there is a sentence "Sorry.. cabundle not found, however you probably don't need one for this certificate ()." in the last field, we still need to setup the bundle file. This bundle file can be found in the email that the certificate company sent you.
    In the zip file there is a file ComodoSecurityServicesCA.crt - open it in a text editor, copy the contents, and paste them into that last field in WHM. Then click the "Do it" button - and wait for the confirmation message.

    So in a nutshell, I'm sure I'm duplicating information already avaialable on these forums - but perhaps someone will sticky this topic or start a sticky topic linking to tutorials and how to's

    Best of luck,

    ~ Joseph
     
  2. redlorry919

    redlorry919 Well-Known Member

    Joined:
    Feb 14, 2004
    Messages:
    65
    Likes Received:
    0
    Trophy Points:
    6
    Thanks for the info. I've only just recently needed to install SSL certs but didn't realise that you needed the account to be on a dedicated IP. (which took me days to figure out and I wish I'd seen a post like this earlier!).

    So I think this post will help a lot of people.

    Nice one!
    Adam.
     
  3. Glennr

    Glennr Member

    Joined:
    Sep 1, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    I get the following when I try this:

    Attempting to verify your certificate..... Cerificate verification passed!
    Verifcation Result [/C=US/ST=Kansas/L=Overland Park/O=First Family church/OU=WinWeb/CN=*.ffc.org ]
    The CRT for the domain *.ffc.org could not be installed. Apache produced the following errors:
    Finished Install Process..

    Any ideas?

    Glenn
     
  4. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    Glenn it looks like you are installing a wildcard certificate is that correct, seeing the common name listed is *.ffc.org ?

    Is it a chained certificate? If so did you paste in the CA bundle for it in the last box?

    When you generate the CSR you must user *.domain.com for the domain name this will enable you to get a wildcard certificate that can be used for any subdomains.

    When you install the certificate you only need to enter the domain.com or sub.domain.com if it is for a subdomain and use the .crt file you are supplied with by the comany you purchased the certificate from, along with the RSA Private key generated when you generated the CSR.

    Wildcards can be used for multiple subdomains but each subdomain must have a dedicated IP address for it to work, installation is the same as for a single domain certificate but because it is issued to *.domain.com it will work or any subdomain without bringing up an error message.
     
    #4 Trigger, Apr 8, 2005
    Last edited: Apr 8, 2005
  5. Glennr

    Glennr Member

    Joined:
    Sep 1, 2004
    Messages:
    9
    Likes Received:
    0
    Trophy Points:
    1
    Thank you very much for your help, you would not believe how much I've been banging my head against the wall.

    It is a wildcard certificate, and it's the first time I've used a wildcard cert. I did install the CA Bundle in the last box.

    The issue was that I was not understanding that you want to insert the specific subdomain you are applying it to. I was trying to use the *. in the domain name.

    Worked perfectly once I put in the subdomain.

    Again, thank you very much.

    Glenn
     
  6. rwoody

    rwoody Member

    Joined:
    Jul 26, 2003
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Certificate Error message

    I have a conflict regarding a previously issued certificate and I'm hoping there is a way I can make an adjustment in the DNS to stop the ugly error message "The name on the security certificate is either invalid or does not match the name of the site."

    This was previoiusly setup incorrectly and I'm trying to see what I can do to clean it up. The site was registered mysite.com and the cert was issued: www.mysite.com

    Now of course the site can be accessed either way, but the certificate warning might be disconcerting to potential customers as this is a shopping site.

    Is there a way that I can modify the dns, so that www.mysite.com is a valid site name?

    Thank you in advance for your assistance
     
  7. flash7

    flash7 Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    4. Now my LIVE site is DOWN :mad:
    WHM 10.0.0 cPanel 10.0.0-R161
     
  8. rwoody

    rwoody Member

    Joined:
    Jul 26, 2003
    Messages:
    24
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for the tips

    Thanks for the tips, but I'm sure you "overlooked" what I mentioned in my post. I have been doing this for quite sometime and am well aware of how to set this up "originally" I inherited the problem and was trying to find a way to assist the customer short of purchasing another SSL. I've contacted the SSL company and the cert cannot be altered. A new one must be purchased and this one deleted to fix the problem In view of the cost, I was hoping there might be a way that on the server, "www.mysite.com" could be setup as the valid name.

    Thanks for your response though, I do appreciate your time in doing so.

    Take care and have a wonderful day.
     
  9. flash7

    flash7 Well-Known Member

    Joined:
    Feb 16, 2004
    Messages:
    203
    Likes Received:
    0
    Trophy Points:
    16
    You right :)

    Problem was been solved, thanx.
     
  10. barryj

    barryj Member

    Joined:
    Apr 27, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    What do you do woith a "Chained Root Certificate"? I posted this on another forum, but thought it might fit here too.
    ----------
    I have a client that purchased their own SSL Certificate and now I have to install it! Anyway the cert was purchased through GoDaddy and there are 2 parts to the certificate. 1 part is the certificate and the 2nd part is an intermediate certificate, which has to be installed before the certificate. GoDaddy provides install instructions for this "chained root certificate", but I was wondering if anybody else had experience wtih this type of cert. Basically to install it you put it in the specific SSL directories and then manually a;ter httpd.conf (which I have no issue with) but just checking out there.
    WHM doen't cater for this type of certificate procedure.
    ----------

    Any ideas?
     
  11. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    You can install this type of certificate with WHM without a problem.

    When the customer gets the certificate details the email will contain both the certificate issued to the domain and a copy of the CA bundle that will need to be installed. As part of the install you paste the CA bundle in the last box (thats what it is there for) when you install the certificate.
     
  12. barryj

    barryj Member

    Joined:
    Apr 27, 2003
    Messages:
    13
    Likes Received:
    0
    Trophy Points:
    1
    Thanks for that, I suppose I should look at the WHM install boxes before I post a question!!!!!

    :eek:
     
  13. DeMenkey

    DeMenkey Registered

    Joined:
    Jul 20, 2004
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    THANK YOU SO MUCH! This is what I've been trying to figuer out for the past two days. Yet, I still don't get it. lol
    Arn't there any free SSL out there? Or something? lol
     
  14. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    DeMenkey you can get a 30 Day Free SSL certificate from Rapidssl.com to test things out to make sure its what you need, apart from that the only way to get it for free is if your host offers a shared SSL certificate or if you use a self signed certificate (which will give visitors an error as it is not trusted, once they click Ok it will work)

    Rapidssl.com changed their name from freessl.com to avoid confusion, they used to offer free ssl certificates for a year just to get volume up and get the name out.
     
  15. Berbox

    Berbox Well-Known Member

    Joined:
    Apr 4, 2005
    Messages:
    55
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Belgium
    There is a company "startcom" that issue free SSL certificates. I requested now 3 certificates and al worked fine. Just install the Ca-bundle with the certificate and your browser don't popup a security warning every time.

    The request is just done in 30 minutes. The installation 30 min so in 1 hour you have SSL for you're customers. By the way they have excellent support on their site.

    Of course you have to trust this people, but this you have to decide by your self
     
  16. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    Yes it works, this is the same as a self signed certificate it will encrypt the information and is secure but the SSL certificate is not trusted by the browser. You need to install the the CA root in your browser (Step one of their process) otherwise you get the popup window.

    It's a great Idea but your visitors will get the popup until they install the CA root in their browser, if its for your own security then thats great but how confident would a customer be entering confidential information seeing the popup and getting the message the Certificate is not trusted.
     
  17. azimpact

    azimpact Member

    Joined:
    May 27, 2005
    Messages:
    17
    Likes Received:
    0
    Trophy Points:
    1
    After you succesfuly install it, should you be able to access the secure site right away or do you have to wait for it to migrate.

    I purchased the cert on the WHM, all went well and installed. Confirmed installation and it restarted apache.

    But when I type in the name of the host I secured https://secure.mysite.com I get a dead page. Take the s from the http and I get a test page that I put in the secure subdomain directory.

    Am I being impatient or should you be able to see the secure site right away?

    Thanks!
     
  18. michthien

    michthien Member

    Joined:
    Nov 17, 2004
    Messages:
    7
    Likes Received:
    0
    Trophy Points:
    1
    SSL install

    Did you check http.conf file? I had problem with WHM I can not install ssl cert if i purchase elsewhere. I had to use /scripts/installSSL. however, the scripts did not create user and group within the virtual directory. So after you did that you have to manually add user and group in that virtual directory.

    Nhat
     
  19. sbenzies

    sbenzies Registered

    Joined:
    Sep 22, 2003
    Messages:
    4
    Likes Received:
    0
    Trophy Points:
    1
    Emergency!

    Hello! I just got a security certificate for my site and gave the domain a dedicated IP like this topic suggested, and it seemed to install fine though now whenever you go to my site it has the cPanel splash page saying "There is no website configured at this address." In the "List Accounts" section it also says "65.75.154.111:443" in the Ip section right beside my domain. Is the ":443" supposed to be there, and if so, why isn't my site working? When I ping the domain it still goes to the old shared IP, 65.75.154.110. Do I just need to wait for it to propogate, or is something else wrong? And if I need to wait for it to propogate, how do I avoid downtime in the future? Please help ASAP! Thanks in advance!
     
  20. Trigger

    Trigger Well-Known Member

    Joined:
    May 17, 2003
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    Location:
    Brisbane
    I take it the domain name is wr.ca?

    At the moment that domain only has a self signed certificate on it!

    The 443 is correct as the certificate is installed to use port 443 normal http traffic uses port 80

    Normally after you install a certificate Apache is restarted to allow new calls to pick the certificate up, you may have been experiencing cached information.
     
Loading...

Share This Page