SSL Problems

hostpc.com

Verified User
Joined
Aug 2, 2003
Messages
1,178
Location
Schenectady, NY
I need some help installing a cert ..

Assigned the IP to the account
Went over to ev1servers and got the $49 cert

Followed the directions to a "T" on site-helper.com and the cert still says
localdomain.localhost

The cp said "Certificate and Key Saved!" .. i restarted apache .. nothing

Are the directions wrong??

Thanks,
HostPC Team
 
Hello,

You need to close all browsers. IE will cache old certificates so you have to reload everything before you can see the new certificate.

John
 
Been there, done that - it's now been 48 hrs... still not working. This is the second certificate that hasn't worked, on 2 different servers. Any other ideas?
 
Check the users httpd.conf in the ssl vhost and check the lines for ssl:

SSLCertificateFile /path/to/file.crt
SSLCertificateKeyFile /path/to/file.key

check the 2 paths and ensure they contain the data you have used, if they dont - replace them with the new data.

Once that is done restart apache...

Chris
 
Hello again,

Everything looks fine there ... restarted apache .. still getting the server cert

Anymore options?

Thanks,
HostPC Staff
 
Let me rephrase my question a bit ..

As anyone got a GeoTrust Cert from EV1servers to work on DirectAdmin?

Thanks,
HostPC Staff
 
I have an instantssl comodo certificate which uses the GTECyberTrust chained certificate. The problem I had (which may not be your case) was that I had multiple web sites on this same user name. The SSL for this website needs to be the first domain listed in the user/domains/httpd.conf file. I had other domains listed first which were using the default server certificate. Once I moved domain.com (the one I have the cert for) to the top everything worked fine. Hope this helps somehow.
 
Hi,

No I have the same problem, I have even done it manually by passed the CP, and it still dont work, if you look in /etc/httpd/logs/ssl_engine_log you will find this..
[08/Jun/2004 07:43:13 03341] [error] Init: (www.sw-dns.com:443) Unable to configure RSA server private key (OpenSSL library error follows)
[08/Jun/2004 07:43:13 03341] [error] OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch.

I think it is about time the author stepped in for support.

Best regards from Alan
 
Originally posted by firefox OpenSSL: error:0B080074:x509 certificate routines:X509_check_private_key:key values mismatch.

The error is there... the data in the cert/key doesnt match...

Chris
 
SSl Key/Cert

Hi Everyone,

Yes I understand what the problem is , WHY is the real problem.

This is the second cert I have paid for, but this time I did it manually, created the key, then csr, then applied for cert.

This is how I do it on my other servers, which every time works, I feel this is a problem in the install or working of cp..

Best Regards from Alan
 
Re: SSl Key/Cert

firefox said:
Hi Everyone,

Yes I understand what the problem is , WHY is the real problem.

This is the second cert I have paid for, but this time I did it manually, created the key, then csr, then applied for cert.

This is how I do it on my other servers, which every time works, I feel this is a problem in the install or working of cp..

Best Regards from Alan

Are they chained certificates or standard?

Chris
 
Ok, could you login and confirm a few things:

Code:
grep -r "SSLCertif" /usr/local/directadmin/data/users/[b]username[/b]/httpd.conf | cut -d" " -f2

Output?

Finally, with the 2? lines it displayed:

cat /path1/ssl.crt
cat /path2/ssl.key

Do they contain the correct information? (including the -----BEGIN* and ------ END* headers?)

Chris
 
SSL

Hi Chris,

From the check you asked me to do this is the information:-

SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key


/etc/httpd/conf/ssl.key
-rw-r--r-- 1 root root 887 Jun 7 08:40 server.key

/etc/httpd/conf/ssl.crt
-r-------- 1 root root 1005 Jun 7 07:54 server.crt

And also in /etc/httpd/conf/httpd.conf I have this

# Server Certificate:
# Point SSLCertificateFile at a PEM encoded certificate. If
# the certificate is encrypted, then you will be prompted for a
# pass phrase. Note that a kill -HUP will prompt again. A test
# certificate can be generated with `make certificate' under
# built time. Keep in mind that if you've both a RSA and a DSA
# certificate you can configure both in parallel (to also allow
# the use of DSA ciphers, etc.)
SSLCertificateFile /etc/httpd/conf/ssl.crt/server.crt
#SSLCertificateFile /etc/httpd/conf/ssl.crt/server-dsa.crt

# Server Private Key:
# If the key is not combined with the certificate, use this
# directive to point at the key file. Keep in mind that if
# you've both a RSA and a DSA private key you can configure
# both in parallel (to also allow the use of DSA ciphers, etc.)
SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server.key
#SSLCertificateKeyFile /etc/httpd/conf/ssl.key/server-dsa.key
 
cat /etc/httpd/conf/ssl.crt/server.crt
cat /etc/httpd/conf/ssl.key/server.key

Do they contain the information you are trying to use?

Chris
 
Hi Chris,

Yes they do, it is the information I put in them..the key data and cert I brought..
 
Back
Top