Omar

Well-Known Member
Jul 30, 2002
82
0
156
I am trying to install a server-signed cert for a customer's domain.

I've gone through the WHM steps, and apache has been restarted correctly, but when I go to:

https://domain.com/

I get a &The page cannot be displayed& error in Internet Explorer.

The httpd.conf doesn't seem to have any &sslenable& lines, so I'm not sure if WHM enabled SSL properly.

I am a newbie when it comes to SSL, so I'm not sure if I'm doing something wrong.

I'd appreciate any help in this matter.

- Omar
 

Annette

Well-Known Member
PartnerNOC
Aug 12, 2001
445
0
316
Were there any errors when you installed the cert? It doesn't sound like it actually installed correctly at all. You might want to go through it again (maybe with NS or Mozilla) and watch the output of the install. I've seen one error consistently (look for depth:20) that seems to be safe to ignore, but anything else generated might be worth a closer examination. Of course, there's always the manual install, too, and if the attempt doesn't work the second time, might be the way you'll need to go.
 

Omar

Well-Known Member
Jul 30, 2002
82
0
156
I managed to get another cert that looked to be installed correctly, with only the self-signed error coming up, but when WHM attempted to restart apache, it failed.

I had to quickly replace httpd.conf with a backup.

I noticed that this one had the httpd.conf lines though.

One thing that I am curious about, it seemed as if WHM added a whole new virtual host entry for the domain I made the cert for, even when that domain was already on the server as an account. (made through WHM)

Any ideas

- Omar
 

jsteel

Well-Known Member
Jul 4, 2002
646
0
166
Atlanta, GA
It should create a new entry, but it should be wrapped in an &if ssl& statement.

I've found a bug in applying InstantSSL certs, so you are trying to apply one of those, let me know and I can tell you how to do it manually.

Jaz
 

Annette

Well-Known Member
PartnerNOC
Aug 12, 2001
445
0
316
Check the actual error that is being generated by tailing the error log when restarting apache after installing the cert. There should be a descriptive reason why apache is failing, which will help narrow things down. If removing the cert entries takes care of it, it's something within the cert install itself, but it should be possible to overcome this, even it it takes manual adjustment.

It is normal to have a new virtual host entry for the domain, suffixed with :443 as an indication that it contains cert-specific information for that host.
 

Omar

Well-Known Member
Jul 30, 2002
82
0
156
How do I tail the logfile?, I'm a bit of a newbie when it comes to checking logs in shell.

Thanks

- Omar
 

bert

Well-Known Member
Aug 21, 2001
602
0
316
just do:

tail /usr/local/apache/logs/error_log

or do:

tail /var/log/messages

Although the errors should appear on the apache error log, which is the first one above.
 

moronhead

Well-Known Member
Aug 12, 2001
706
0
316
[quote:d3e38219cf][i:d3e38219cf]Originally posted by jsteel[/i:d3e38219cf]

It should create a new entry, but it should be wrapped in an &if ssl& statement.

I've found a bug in applying InstantSSL certs, so you are trying to apply one of those, let me know and I can tell you how to do it manually.

Jaz[/quote:d3e38219cf]
What's that bug you've found with instantSSL?
 

Marty

Well-Known Member
Oct 10, 2001
630
1
318
when installing an instantssl cert, no

SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle

line is added to the secure vhost entry in the httpd.conf file to point to he certificate cabundle that you paste into the WHM form.