The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Installation Trouble (Guidance Requested)

Discussion in 'General Discussion' started by Phylum, Jul 27, 2011.

  1. Phylum

    Phylum Active Member

    Joined:
    Apr 20, 2010
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    As the title indicates, I'm not having any luck getting a cert installed. Perhaps I used some wacky method? Here's what I did.

    Last month (6/26) I generated the .KEY & .CSR via
    Code:
    openssl genrsa -des3 -out certificate.key 204
    openssl req -new -key certificate.key -out certificate.csr
    I finally got around to purchasing the cert today. During the creation process when asked, I copied the contents of the .CSR into the form. I received the zip from godaddy with the domain.CRT and gd_bundle.CRT

    Try 1
    • Pasted contents of domain.CRT into first field
    • Page auto-populates with domain, user & IP information
    • Page also populates .KEY field automagically
    • Left the .key field alone.
    • Pasted the contents of gd_bundle.crt into the ca bundle field
    Error: SSL install aborted due to error: Modulus mismatch, key file does not match certificate. Please use the correct key file

    Try 2
    • Pasted contents of domain.CRT into first field
    • Page auto-populates with domain, user & IP information
    • Page also populates .KEY field automagically
    • Cleared .key field & pasted contents of the .CSR
    • Pasted the contents of gd_bundle.crt into the ca bundle field
    Error: SSL install aborted due to error: Failed to extract key modulus. Key is invalid: unable to load Private Key 6970:error:0906D06C:PEM routines:PEM_read_bio:no start line:pem_lib.c:647:Expecting: ANY PRIVATE KEY

    Try 3
    • Pasted contents of domain.CRT into first field
    • Page auto-populates with domain, user & IP information
    • Page also populates .KEY field automagically
    • Cleared second field & pasted contents of the .KEY
    • Pasted the contents of gd_bundle.crt into the ca bundle field
    Error: SSL install aborted due to error: ok

    Can someone help me identify what I did wrong? Is it becuase I did not use the 'Generate an SSL Certificate Signing Request' option in the SSL/TLS menu?
     
  2. vanessa

    vanessa Well-Known Member
    PartnerNOC

    Joined:
    Sep 26, 2006
    Messages:
    817
    Likes Received:
    22
    Trophy Points:
    18
    Location:
    Virginia Beach, VA
    cPanel Access Level:
    DataCenter Provider
    If you didn't use WHM to generate the CSR, you need to paste in your private key that was created when you generated the CSR on your own. Best bet is to just use the WHM CSR generator, and re-key you certificate.
     
  3. Phylum

    Phylum Active Member

    Joined:
    Apr 20, 2010
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    Thank you for taking the time to read through and reply.

    When you say...
    Can you confirm what field the private key (the .KEY file yes?) should go in: First? Second? Third?

    Should it be the entire contents of the key including the
    Code:
    -----BEGIN RSA PRIVATE KEY-----
    Proc-Type: 4,ENCRYPTED
    DEK-Info: DES-CBC,0204AD0E097AC28B
    
    SpUN8vrvxMK....
    -----END RSA PRIVATE KEY-----
    Or just the
    Code:
    -----BEGIN RSA PRIVATE KEY-----
    SpUN8vrvxMK....
    -----END RSA PRIVATE KEY-----
    I tried that in Try 2 above, but it didn't work. I understand that WHM has its own CSR generator, but the manual method should also work, right?
     
    #3 Phylum, Jul 29, 2011
    Last edited: Jul 29, 2011
  4. Phylum

    Phylum Active Member

    Joined:
    Apr 20, 2010
    Messages:
    29
    Likes Received:
    0
    Trophy Points:
    1
    I've been on vacation since the end of July, hence the lack of response, but now that I'm back, I'm sad to read there haven't been any updates since my last post.

    Do I just have to start over or what?
     
  5. cPanelTristan

    cPanelTristan Quality Assurance Analyst
    Staff Member

    Joined:
    Oct 2, 2010
    Messages:
    7,623
    Likes Received:
    21
    Trophy Points:
    38
    Location:
    somewhere over the rainbow
    cPanel Access Level:
    Root Administrator
    The key you would need to go into the second box would be like this:

    Code:
    -----BEGIN RSA PRIVATE KEY-----
    SpUN8vrvxMK....
    -----END RSA PRIVATE KEY-----
    If that isn't working, please open up a ticket and provide the .crt, .key and cabundle files for us to try to install the certificate for you. You can submit a ticket either using the link in my signature or in WHM > Support Center > Contact cPanel location. Please post the ticket number here upon opening one.
     
  6. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    97
    Likes Received:
    2
    Trophy Points:
    8

    Can you just give us the info? I hate this hand holding and I hate to have others login to my servers.

    I try to update a expired certificate and it doesn't work due to odd errors:

    Error
    SSL install aborted due to error: ok

    1) where is the SSL config stored?
    2) Where are the logs?
    3) How do I update the certificate file? Because under mange SSL > Delete .crt it shows it is located at
    ERROR: Could not remove nonexistent crt “/etc/ssl/certs/.crt”.

    Tell us this and we don't even have to bother you guys about it. I can't stand every ticket I file no help is provided to me, always "we need to access the server" Yes I understand cpanel is made for idiots, the diehard linux people mostly hate it. But there are some competent cpanel users out there!
     
  7. joako

    joako Well-Known Member

    Joined:
    Aug 7, 2003
    Messages:
    97
    Likes Received:
    2
    Trophy Points:
    8
    I manage to get the certificate working by editing the sitename.crt manually in /etc/ssl/certs directory.

    However now in cpanel it shows .crt still and all these errors.

    Please someone tell me where cpanel stores the certificate filename to update this so we can continue to mange the ssl in cpanel. No you can not access my servers.
     
  8. boskee

    boskee Registered

    Joined:
    Mar 25, 2014
    Messages:
    1
    Likes Received:
    0
    Trophy Points:
    1
    cPanel Access Level:
    Root Administrator
    I just had the same problem with the certificate. You have to unencrypt your private key before pasting it into cPanel/WHM:

    openssl rsa -in my_key.key -out my_unencrypted_key.pem

    You then have to paste the contents of my_unecrypted_key.pem, not the encrypted one.

    I realize it is an old thread, but it is the first result in Google when searching for this issue, so I thought it may be helpful to others.
     
Loading...

Share This Page