The Community Forums

Interact with an entire community of cPanel & WHM users!
  1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL Installation

Discussion in 'General Discussion' started by Kiwi, Sep 4, 2001.

  1. Kiwi

    Kiwi Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    When trying to install a SSL cert. from FreeSSL and submitting the form, nothing happens. The form tags are in the source band everything is correct, but the form is not submitting. Any thoughts?
     
  2. reflexhost

    reflexhost Member

    Joined:
    Aug 31, 2001
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Same happens with me, I\'d be interested how you do it if you manage to resolve it Kiwi...;)
     
  3. Kiwi

    Kiwi Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    75
    Likes Received:
    0
    Trophy Points:
    6
    Didn\'t get it to work ...and installed the cert. manually. If anyone needs to know how-to, i\'ll post it here. :)
     
  4. reflexhost

    reflexhost Member

    Joined:
    Aug 31, 2001
    Messages:
    8
    Likes Received:
    0
    Trophy Points:
    1
    Hi Kiwi,

    I\'d appreciate that or you can ICQ me on 124396993.

    Matt
     
  5. eddie

    eddie Active Member

    Joined:
    Aug 20, 2001
    Messages:
    39
    Likes Received:
    0
    Trophy Points:
    6
    [quote:1f264bacca]Didn\'t get it to work ...and installed the cert. manually. If anyone needs to know how-to, i\'ll post it here. :) [/quote:1f264bacca]

    I am interested thanks, make sure its in step by step :)
    many thanks
     
  6. n2nis

    n2nis Active Member

    Joined:
    Aug 16, 2001
    Messages:
    42
    Likes Received:
    0
    Trophy Points:
    6
    I am interested to...
     
  7. randy

    randy Member

    Joined:
    Oct 12, 2001
    Messages:
    18
    Likes Received:
    0
    Trophy Points:
    1
    If you could post that, I think a lot of people would find it very useful...thanks!
     
  8. Brownie

    Brownie Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    145
    Likes Received:
    0
    Trophy Points:
    16
    This is what I do - I install all my certificates manually ;)

    For this example, Im gonna use darkorb.net as the domain ;)

    Create the CSR. It will create these files:

    /usr/share/ssl/certs/secure.darkorb.net.crt
    /usr/share/ssl/private/secure.darkorb.net.key

    I then edit secure.darkorb.net.crt and replace the contents with my certificate.

    Then, I add this to my httpd.conf with the date and time as a reference point for me ;)

    [code:1:039c30d386]
    #added by nick on &DATE& &TIME&BST
    &VirtualHost 209.249.75.12:443&
    DocumentRoot /home/username/public_html/secure
    BytesLog domlogs/secure.darkorb.net-bytes_log
    ServerName secure.darkorb.net
    ServerAdmin sslmaster@darkorb.net
    BytesLog domlogs/secure.darkorb.net-bytes_log

    CustomLog /usr/local/apache/domlogs/secure.darkorb.net-ssl_log \&%t %{version}c %{cipher}c %{clientcert}c\&

    SSLVerifyClient none
    SSLEnable

    SSLCertificateFile /usr/share/ssl/certs/secure.darkorb.net.crt
    SSLCertificateKeyFile /usr/share/ssl/private/secure.darkorb.net.key
    SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
    SSLLogFile /var/log/secure.darkorb.net
    UserDir public_html
    &/VirtualHost&
    #added by nick
    [/code:1:039c30d386]

    Then, I restart apache
    /etc/rc.d/init.d/httpd stop
    /etc/rc.d/init.d/httpd startssl

    And, it works!
     
  9. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    This brings up a question for us. About a third of the time, apache restarts fail when trying to install certs (manually right now, since WHM does nothing at all). It chokes on the SSLVerify piece of the config entry. There\'s nothing substantially different between the servers where this happens, and we\'ve had issues on the same server as well (that is, one cert for a particular domain will install, and another will not). It\'s also incredibly difficult to get apache restarted after some of these failures, after commenting out the secure entry for the domain. What particularly bothers me on one server is that a cert that previously worked (serverwide) no longer works. Forutnately, we don\'t have a lot of client domains on that box, but it\'s irritating that we have the cert and can\'t use it. Anyone noticed anything similar, or have any suggestions as to what might be causing this intermittent issue?
     
  10. moronhead

    moronhead Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    706
    Likes Received:
    0
    Trophy Points:
    16
    [quote:6fbc165b35] About a third of the time, apache restarts fail when trying to install certs [/quote:6fbc165b35]I take it you already use /usr/local/apache/bin/apachectl startssl to start the web server.
    [quote:6fbc165b35] manually right now, since WHM does nothing at all[/quote:6fbc165b35]Thawte certs seem to be installing out-of-the-box from WHM.
     
  11. Kylecool

    Kylecool Well-Known Member

    Joined:
    Aug 17, 2001
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Hello,

    I for a FreeSSL Certificate for www.kylecool.com, you can see at https://kylecool.com .

    MSIE wasn\'t working properly. I spent several hours playing with that form, and I didnt want to edit it manually...

    What I did was used Netscape. I HATE NETSCAPE, but this is one thing that netscape does that MSIE wouldn\'t. The form actially submitted properly, and worked. I think restarted apache, I didnt goto SSH, I just used WHM, and it restarted right up. Works pretty good.

    -Kyle

    P.S- How do I delete a certificate from WHM?
     
  12. Annette

    Annette Well-Known Member
    PartnerNOC

    Joined:
    Aug 12, 2001
    Messages:
    445
    Likes Received:
    0
    Trophy Points:
    16
    [quote:dd7653af9e]I take it you already use /usr/local/apache/bin/apachectl startssl to start the web server.[/quote:dd7653af9e]

    Yes indeed. In fact, we just installed three certs (all server certs) this evening, on different servers. Two of the three installed without a hitch, direct from WHM. The third took some massaging via shell to get apache going again. It\'s really strange, but there\'s no pattern to point at.

    [quote:dd7653af9e]Thawte certs seem to be installing out-of-the-box from WHM. [/quote:dd7653af9e]

    See above. Irritating, especially for a couple of our dedicated clients since it\'s a little nervewracking for them - they just haven\'t gone through it as many times as we have. :)

    Kyle, to delete a cert, you have to remove the entries from /etc/httpd/conf manually, and then delete the relevant files from /usr/share/ssl/certs and /usr/share/ssl/private (or if your particular system stores them in /usr/local/ssl, from that location instead). Restart apache, and it\'s done. As far as I know, there is no way to remove certs via WHM.
     
  13. Kylecool

    Kylecool Well-Known Member

    Joined:
    Aug 17, 2001
    Messages:
    68
    Likes Received:
    0
    Trophy Points:
    6
    Ok, Thanks Annette. :)

    BTW: Can you have 2 certs. Like whatever.com and secure.whatever.com ?

    BTW: Thwarte certs always seem better,but everything works for me, but Thwarte is a GOOD NAME..

    -Kyle
     
  14. Domenico

    Domenico Well-Known Member

    Joined:
    Aug 14, 2001
    Messages:
    362
    Likes Received:
    0
    Trophy Points:
    16
    After installing the freessl cert through telnet I can\'t get it to work.

    When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.

    now I see the following when I do;
    /usr/local/apache/bin/apachectl configtest
    Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
    Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration

    What is wrong here?
    \'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?

    This is what is added in httpd.conf;

    <VirtualHost SERVER IP:443>
    ServerAdmin webmaster@domain.com
    DocumentRoot /home/USER/public_html
    ServerName domain.com

    CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"

    SSLVerifyClient none
    SSLEnable

    SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
    SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
    UserDir public_html

    ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
    </VirtualHost>

    [Edited on 10/25/01 by Domenico]
     
  15. JeremyL

    JeremyL Well-Known Member

    Joined:
    Aug 10, 2001
    Messages:
    87
    Likes Received:
    0
    Trophy Points:
    6
    [quote:052f761ddc][i:052f761ddc]Originally posted by Domenico[/i:052f761ddc]
    After installing the freessl cert through telnet I can\'t get it to work.

    When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.

    now I see the following when I do;
    /usr/local/apache/bin/apachectl configtest
    Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
    Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration

    What is wrong here?
    \'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?

    This is what is added in httpd.conf;

    <VirtualHost SERVER IP:443>
    ServerAdmin webmaster@domain.com
    DocumentRoot /home/USER/public_html
    ServerName domain.com

    CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"

    SSLVerifyClient none
    SSLEnable

    SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
    SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
    SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
    UserDir public_html

    ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
    </VirtualHost>

    [Edited on 10/25/01 by Domenico] [/quote:052f761ddc]




    Did you figure out what the issue was? I found the same problem on my server.

    Thanks
     
  16. AlaskanWolf

    AlaskanWolf Well-Known Member

    Joined:
    Aug 11, 2001
    Messages:
    537
    Likes Received:
    0
    Trophy Points:
    16
    Location:
    Fremont CA
    when you hit the button in IE, it wont do anything, already opened a bug report

    It will work in NS however....
     
  17. SplashHost.com

    SplashHost.com Well-Known Member

    Joined:
    Aug 12, 2001
    Messages:
    53
    Likes Received:
    0
    Trophy Points:
    6
    It works in netscape, i figured this one out a few months ago.
     
Loading...

Share This Page