Kiwi

Well-Known Member
Aug 11, 2001
75
0
306
When trying to install a SSL cert. from FreeSSL and submitting the form, nothing happens. The form tags are in the source band everything is correct, but the form is not submitting. Any thoughts?
 

eddie

Active Member
Aug 20, 2001
39
0
306
[quote:1f264bacca]Didn\'t get it to work ...and installed the cert. manually. If anyone needs to know how-to, i\'ll post it here. :) [/quote:1f264bacca]

I am interested thanks, make sure its in step by step :)
many thanks
 

randy

Member
Oct 12, 2001
18
0
301
If you could post that, I think a lot of people would find it very useful...thanks!
 

Brownie

Well-Known Member
Aug 10, 2001
145
0
316
This is what I do - I install all my certificates manually ;)

For this example, Im gonna use darkorb.net as the domain ;)

Create the CSR. It will create these files:

/usr/share/ssl/certs/secure.darkorb.net.crt
/usr/share/ssl/private/secure.darkorb.net.key

I then edit secure.darkorb.net.crt and replace the contents with my certificate.

Then, I add this to my httpd.conf with the date and time as a reference point for me ;)

[code:1:039c30d386]
#added by nick on &DATE& &TIME&BST
&VirtualHost 209.249.75.12:443&
DocumentRoot /home/username/public_html/secure
BytesLog domlogs/secure.darkorb.net-bytes_log
ServerName secure.darkorb.net
ServerAdmin [email protected]
BytesLog domlogs/secure.darkorb.net-bytes_log

CustomLog /usr/local/apache/domlogs/secure.darkorb.net-ssl_log \&%t %{version}c %{cipher}c %{clientcert}c\&

SSLVerifyClient none
SSLEnable

SSLCertificateFile /usr/share/ssl/certs/secure.darkorb.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.darkorb.net.key
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
SSLLogFile /var/log/secure.darkorb.net
UserDir public_html
&/VirtualHost&
#added by nick
[/code:1:039c30d386]

Then, I restart apache
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd startssl

And, it works!
 

Annette

Well-Known Member
PartnerNOC
Aug 12, 2001
445
0
316
This brings up a question for us. About a third of the time, apache restarts fail when trying to install certs (manually right now, since WHM does nothing at all). It chokes on the SSLVerify piece of the config entry. There\'s nothing substantially different between the servers where this happens, and we\'ve had issues on the same server as well (that is, one cert for a particular domain will install, and another will not). It\'s also incredibly difficult to get apache restarted after some of these failures, after commenting out the secure entry for the domain. What particularly bothers me on one server is that a cert that previously worked (serverwide) no longer works. Forutnately, we don\'t have a lot of client domains on that box, but it\'s irritating that we have the cert and can\'t use it. Anyone noticed anything similar, or have any suggestions as to what might be causing this intermittent issue?
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
[quote:6fbc165b35] About a third of the time, apache restarts fail when trying to install certs [/quote:6fbc165b35]I take it you already use /usr/local/apache/bin/apachectl startssl to start the web server.
[quote:6fbc165b35] manually right now, since WHM does nothing at all[/quote:6fbc165b35]Thawte certs seem to be installing out-of-the-box from WHM.
 

Kylecool

Well-Known Member
Aug 17, 2001
68
0
306
Hello,

I for a FreeSSL Certificate for www.kylecool.com, you can see at https://kylecool.com .

MSIE wasn\'t working properly. I spent several hours playing with that form, and I didnt want to edit it manually...

What I did was used Netscape. I HATE NETSCAPE, but this is one thing that netscape does that MSIE wouldn\'t. The form actially submitted properly, and worked. I think restarted apache, I didnt goto SSH, I just used WHM, and it restarted right up. Works pretty good.

-Kyle

P.S- How do I delete a certificate from WHM?
 

Annette

Well-Known Member
PartnerNOC
Aug 12, 2001
445
0
316
[quote:dd7653af9e]I take it you already use /usr/local/apache/bin/apachectl startssl to start the web server.[/quote:dd7653af9e]

Yes indeed. In fact, we just installed three certs (all server certs) this evening, on different servers. Two of the three installed without a hitch, direct from WHM. The third took some massaging via shell to get apache going again. It\'s really strange, but there\'s no pattern to point at.

[quote:dd7653af9e]Thawte certs seem to be installing out-of-the-box from WHM. [/quote:dd7653af9e]

See above. Irritating, especially for a couple of our dedicated clients since it\'s a little nervewracking for them - they just haven\'t gone through it as many times as we have. :)

Kyle, to delete a cert, you have to remove the entries from /etc/httpd/conf manually, and then delete the relevant files from /usr/share/ssl/certs and /usr/share/ssl/private (or if your particular system stores them in /usr/local/ssl, from that location instead). Restart apache, and it\'s done. As far as I know, there is no way to remove certs via WHM.
 

Kylecool

Well-Known Member
Aug 17, 2001
68
0
306
Ok, Thanks Annette. :)

BTW: Can you have 2 certs. Like whatever.com and secure.whatever.com ?

BTW: Thwarte certs always seem better,but everything works for me, but Thwarte is a GOOD NAME..

-Kyle
 

Domenico

Well-Known Member
Aug 14, 2001
375
11
318
After installing the freessl cert through telnet I can\'t get it to work.

When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.

now I see the following when I do;
/usr/local/apache/bin/apachectl configtest
Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration

What is wrong here?
\'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?

This is what is added in httpd.conf;

<VirtualHost SERVER IP:443>
ServerAdmin [email protected]
DocumentRoot /home/USER/public_html
ServerName domain.com

CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"

SSLVerifyClient none
SSLEnable

SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
UserDir public_html

ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
</VirtualHost>

[Edited on 10/25/01 by Domenico]
 

JeremyL

Well-Known Member
Aug 10, 2001
87
0
306
[quote:052f761ddc][i:052f761ddc]Originally posted by Domenico[/i:052f761ddc]
After installing the freessl cert through telnet I can\'t get it to work.

When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.

now I see the following when I do;
/usr/local/apache/bin/apachectl configtest
Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration

What is wrong here?
\'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?

This is what is added in httpd.conf;

<VirtualHost SERVER IP:443>
ServerAdmin [email protected]
DocumentRoot /home/USER/public_html
ServerName domain.com

CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"

SSLVerifyClient none
SSLEnable

SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
UserDir public_html

ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
</VirtualHost>

[Edited on 10/25/01 by Domenico] [/quote:052f761ddc]




Did you figure out what the issue was? I found the same problem on my server.

Thanks