SSL Problem

[Omar]

I am trying to install a server-signed cert for a customer's domain.

I've gone through the WHM steps, and apache has been restarted correctly, but when I go to:

https://domain.com/

I get a &The page cannot be displayed& error in Internet Explorer.

The httpd.conf doesn't seem to have any &sslenable& lines, so I'm not sure if WHM enabled SSL properly.

I am a newbie when it comes to SSL, so I'm not sure if I'm doing something wrong.

I'd appreciate any help in this matter.

- Omar

 

[Annette]

Were there any errors when you installed the cert? It doesn't sound like it actually installed correctly at all. You might want to go through it again (maybe with NS or Mozilla) and watch the output of the install. I've seen one error consistently (look for depth:20) that seems to be safe to ignore, but anything else generated might be worth a closer examination. Of course, there's always the manual install, too, and if the attempt doesn't work the second time, might be the way you'll need to go.

 

[Omar]

I managed to get another cert that looked to be installed correctly, with only the self-signed error coming up, but when WHM attempted to restart apache, it failed.

I had to quickly replace httpd.conf with a backup.

I noticed that this one had the httpd.conf lines though.

One thing that I am curious about, it seemed as if WHM added a whole new virtual host entry for the domain I made the cert for, even when that domain was already on the server as an account. (made through WHM)

Any ideas

- Omar

 

[jsteel]

It should create a new entry, but it should be wrapped in an &if ssl& statement.

I've found a bug in applying InstantSSL certs, so you are trying to apply one of those, let me know and I can tell you how to do it manually.

Jaz

 

[Annette]

Check the actual error that is being generated by tailing the error log when restarting apache after installing the cert. There should be a descriptive reason why apache is failing, which will help narrow things down. If removing the cert entries takes care of it, it's something within the cert install itself, but it should be possible to overcome this, even it it takes manual adjustment.

It is normal to have a new virtual host entry for the domain, suffixed with :443 as an indication that it contains cert-specific information for that host.

 

[Omar]

How do I tail the logfile?, I'm a bit of a newbie when it comes to checking logs in shell.

Thanks

- Omar

 

[bert]

just do:

tail /usr/local/apache/logs/error_log

or do:

tail /var/log/messages

Although the errors should appear on the apache error log, which is the first one above.

 

[moronhead]

[quote:d3e38219cf][i:d3e38219cf]Originally posted by jsteel[/i:d3e38219cf]

It should create a new entry, but it should be wrapped in an &if ssl& statement.

I've found a bug in applying InstantSSL certs, so you are trying to apply one of those, let me know and I can tell you how to do it manually.

Jaz[/quote:d3e38219cf]
What's that bug you've found with instantSSL?

 

[Marty]

when installing an instantssl cert, no

SSLCACertificateFile /usr/share/ssl/certs/domain.com.cabundle

line is added to the secure vhost entry in the httpd.conf file to point to he certificate cabundle that you paste into the WHM form.