This is what I do - I install all my certificates manually 
For this example, Im gonna use darkorb.net as the domain
Create the CSR. It will create these files:
/usr/share/ssl/certs/secure.darkorb.net.crt
/usr/share/ssl/private/secure.darkorb.net.key
I then edit secure.darkorb.net.crt and replace the contents with my certificate.
Then, I add this to my httpd.conf with the date and time as a reference point for me
[code:1:039c30d386]
#added by nick on &DATE& &TIME&BST
&VirtualHost 209.249.75.12:443&
DocumentRoot /home/username/public_html/secure
BytesLog domlogs/secure.darkorb.net-bytes_log
ServerName secure.darkorb.net
ServerAdmin [email protected]
BytesLog domlogs/secure.darkorb.net-bytes_log
CustomLog /usr/local/apache/domlogs/secure.darkorb.net-ssl_log \&%t %{version}c %{cipher}c %{clientcert}c\&
SSLVerifyClient none
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.darkorb.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.darkorb.net.key
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
SSLLogFile /var/log/secure.darkorb.net
UserDir public_html
&/VirtualHost&
#added by nick
[/code:1:039c30d386]
Then, I restart apache
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd startssl
And, it works!
For this example, Im gonna use darkorb.net as the domain
Create the CSR. It will create these files:
/usr/share/ssl/certs/secure.darkorb.net.crt
/usr/share/ssl/private/secure.darkorb.net.key
I then edit secure.darkorb.net.crt and replace the contents with my certificate.
Then, I add this to my httpd.conf with the date and time as a reference point for me
[code:1:039c30d386]
#added by nick on &DATE& &TIME&BST
&VirtualHost 209.249.75.12:443&
DocumentRoot /home/username/public_html/secure
BytesLog domlogs/secure.darkorb.net-bytes_log
ServerName secure.darkorb.net
ServerAdmin [email protected]
BytesLog domlogs/secure.darkorb.net-bytes_log
CustomLog /usr/local/apache/domlogs/secure.darkorb.net-ssl_log \&%t %{version}c %{cipher}c %{clientcert}c\&
SSLVerifyClient none
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/secure.darkorb.net.crt
SSLCertificateKeyFile /usr/share/ssl/private/secure.darkorb.net.key
SSLCACertificateFile /usr/local/apache/conf/ssl.crt/ca-bundle.crt
SSLLogFile /var/log/secure.darkorb.net
UserDir public_html
&/VirtualHost&
#added by nick
[/code:1:039c30d386]
Then, I restart apache
/etc/rc.d/init.d/httpd stop
/etc/rc.d/init.d/httpd startssl
And, it works!
This brings up a question for us. About a third of the time, apache restarts fail when trying to install certs (manually right now, since WHM does nothing at all). It chokes on the SSLVerify piece of the config entry. There\'s nothing substantially different between the servers where this happens, and we\'ve had issues on the same server as well (that is, one cert for a particular domain will install, and another will not). It\'s also incredibly difficult to get apache restarted after some of these failures, after commenting out the secure entry for the domain. What particularly bothers me on one server is that a cert that previously worked (serverwide) no longer works. Forutnately, we don\'t have a lot of client domains on that box, but it\'s irritating that we have the cert and can\'t use it. Anyone noticed anything similar, or have any suggestions as to what might be causing this intermittent issue?
[quote:6fbc165b35] About a third of the time, apache restarts fail when trying to install certs [/quote:6fbc165b35]I take it you already use /usr/local/apache/bin/apachectl startssl to start the web server.
[quote:6fbc165b35] manually right now, since WHM does nothing at all[/quote:6fbc165b35]Thawte certs seem to be installing out-of-the-box from WHM.
[quote:6fbc165b35] manually right now, since WHM does nothing at all[/quote:6fbc165b35]Thawte certs seem to be installing out-of-the-box from WHM.
Hello,
I for a FreeSSL Certificate for www.kylecool.com, you can see at https://kylecool.com .
MSIE wasn\'t working properly. I spent several hours playing with that form, and I didnt want to edit it manually...
What I did was used Netscape. I HATE NETSCAPE, but this is one thing that netscape does that MSIE wouldn\'t. The form actially submitted properly, and worked. I think restarted apache, I didnt goto SSH, I just used WHM, and it restarted right up. Works pretty good.
-Kyle
P.S- How do I delete a certificate from WHM?
I for a FreeSSL Certificate for www.kylecool.com, you can see at https://kylecool.com .
MSIE wasn\'t working properly. I spent several hours playing with that form, and I didnt want to edit it manually...
What I did was used Netscape. I HATE NETSCAPE, but this is one thing that netscape does that MSIE wouldn\'t. The form actially submitted properly, and worked. I think restarted apache, I didnt goto SSH, I just used WHM, and it restarted right up. Works pretty good.
-Kyle
P.S- How do I delete a certificate from WHM?
[quote:dd7653af9e]I take it you already use /usr/local/apache/bin/apachectl startssl to start the web server.[/quote:dd7653af9e]
Yes indeed. In fact, we just installed three certs (all server certs) this evening, on different servers. Two of the three installed without a hitch, direct from WHM. The third took some massaging via shell to get apache going again. It\'s really strange, but there\'s no pattern to point at.
[quote:dd7653af9e]Thawte certs seem to be installing out-of-the-box from WHM. [/quote:dd7653af9e]
See above. Irritating, especially for a couple of our dedicated clients since it\'s a little nervewracking for them - they just haven\'t gone through it as many times as we have.
Kyle, to delete a cert, you have to remove the entries from /etc/httpd/conf manually, and then delete the relevant files from /usr/share/ssl/certs and /usr/share/ssl/private (or if your particular system stores them in /usr/local/ssl, from that location instead). Restart apache, and it\'s done. As far as I know, there is no way to remove certs via WHM.
Yes indeed. In fact, we just installed three certs (all server certs) this evening, on different servers. Two of the three installed without a hitch, direct from WHM. The third took some massaging via shell to get apache going again. It\'s really strange, but there\'s no pattern to point at.
[quote:dd7653af9e]Thawte certs seem to be installing out-of-the-box from WHM. [/quote:dd7653af9e]
See above. Irritating, especially for a couple of our dedicated clients since it\'s a little nervewracking for them - they just haven\'t gone through it as many times as we have.
Kyle, to delete a cert, you have to remove the entries from /etc/httpd/conf manually, and then delete the relevant files from /usr/share/ssl/certs and /usr/share/ssl/private (or if your particular system stores them in /usr/local/ssl, from that location instead). Restart apache, and it\'s done. As far as I know, there is no way to remove certs via WHM.
After installing the freessl cert through telnet I can\'t get it to work.
When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.
now I see the following when I do;
/usr/local/apache/bin/apachectl configtest
Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration
What is wrong here?
\'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?
This is what is added in httpd.conf;
<VirtualHost SERVER IP:443>
ServerAdmin [email protected]
DocumentRoot /home/USER/public_html
ServerName domain.com
CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"
SSLVerifyClient none
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
UserDir public_html
ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
</VirtualHost>
[Edited on 10/25/01 by Domenico]
When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.
now I see the following when I do;
/usr/local/apache/bin/apachectl configtest
Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration
What is wrong here?
\'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?
This is what is added in httpd.conf;
<VirtualHost SERVER IP:443>
ServerAdmin [email protected]
DocumentRoot /home/USER/public_html
ServerName domain.com
CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"
SSLVerifyClient none
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
UserDir public_html
ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
</VirtualHost>
[Edited on 10/25/01 by Domenico]
[quote:052f761ddc][i:052f761ddc]Originally posted by Domenico[/i:052f761ddc]
After installing the freessl cert through telnet I can\'t get it to work.
When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.
now I see the following when I do;
/usr/local/apache/bin/apachectl configtest
Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration
What is wrong here?
\'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?
This is what is added in httpd.conf;
<VirtualHost SERVER IP:443>
ServerAdmin [email protected]
DocumentRoot /home/USER/public_html
ServerName domain.com
CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"
SSLVerifyClient none
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
UserDir public_html
ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
</VirtualHost>
[Edited on 10/25/01 by Domenico] [/quote:052f761ddc]
Did you figure out what the issue was? I found the same problem on my server.
Thanks
After installing the freessl cert through telnet I can\'t get it to work.
When I do https://www.domain.com it seems to hang. The lock does appear in the right corner but that\'s it. The screen stays blank.
now I see the following when I do;
/usr/local/apache/bin/apachectl configtest
Syntax error on line 1702 of /usr/local/apache/conf/httpd.conf:
Invalid command \'SSLVerifyClient\', perhaps mis-spelled or defined by a module not included in the server configuration
What is wrong here?
\'SSLVerifyClient\' is added by the cert installation. Does this error have something to do with the cert not working?
This is what is added in httpd.conf;
<VirtualHost SERVER IP:443>
ServerAdmin [email protected]
DocumentRoot /home/USER/public_html
ServerName domain.com
CustomLog /usr/local/apache/domlogs/domain.com-ssl_log \"%t %{version}c %{cipher}c %{clientcert}c\"
SSLVerifyClient none
SSLEnable
SSLCertificateFile /usr/share/ssl/certs/domain.com.crt
SSLCertificateKeyFile /usr/share/ssl/private/domain.com.key
SSLLogFile /usr/local/apache/domlogs/domain.com-ssl
UserDir public_html
ScriptAlias /cgi-bin/ /home/USER/public_html/cgi-bin/
</VirtualHost>
[Edited on 10/25/01 by Domenico] [/quote:052f761ddc]
Did you figure out what the issue was? I found the same problem on my server.
Thanks
when you hit the button in IE, it wont do anything, already opened a bug report
It will work in NS however....
It will work in NS however....